Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    67 vulnerabilities

    CVE-2025-31344 (GCVE-0-2025-31344)

    Vulnerability from cvelistv5 – Published: 2025-04-14 07:49 – Updated: 2025-04-14 13:39
    VLAI
    Title
    The giflib open-source component has a buffer overflow vulnerability
    Summary
    Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    openEuler giflib Affected: 0 , ≤ 5.2.2 (git)
    Create a notification for this product.
    Credits
    Jiaxuan Song(m202372152@hust.edu.cn) bale.cen (cenxianlong@huawei.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-04-14T08:05:04.085Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/07/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/07/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/07/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/07/6"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/08/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/09/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/09/7"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/04/10/1"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31344",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:36:32.164077Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:39:00.299Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "packageName": "giflib",
              "platforms": [
                "Linux"
              ],
              "product": "giflib",
              "programFiles": [
                "gif2rgb.c"
              ],
              "repo": "https://gitee.com/src-openeuler/giflib",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2c10c1abf8ff2e88b1da04e050bb721487b73fa3",
                      "status": "affected"
                    }
                  ],
                  "lessThanOrEqual": "5.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jiaxuan Song(m202372152@hust.edu.cn)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "bale.cen (cenxianlong@huawei.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003egif2rgb.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects giflib: through 5.2.2.\u003c/p\u003e"
                }
              ],
              "value": "Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.\n\nThis issue affects giflib: through 5.2.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-14T07:49:36.597Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1292"
            },
            {
              "url": "https://gitee.com/src-openeuler/giflib/pulls/54"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "The giflib open-source component has a buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2025-31344",
        "datePublished": "2025-04-14T07:49:36.597Z",
        "dateReserved": "2025-03-28T07:29:55.637Z",
        "dateUpdated": "2025-04-14T13:39:00.299Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24898 (GCVE-0-2024-24898)

    Vulnerability from cvelistv5 – Published: 2024-04-15 12:04 – Updated: 2024-08-01 23:28
    VLAI
    Title
    Information Leakage in kernel
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    openEuler kernel Affected: 4.19.90-2109.1.0.0108 , < 4.19.90-2403.4.0.0244 (git)
    Create a notification for this product.
    Date Public
    2024-04-03 02:00
    Credits
    chlu22@m.fudan.edu.cn caoyh23@m.fudan.edu.cn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-15T18:07:35.529789Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:43:39.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:12.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1358"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1321"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1322"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/openeuler",
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "platforms": [
                "Linux"
              ],
              "product": "kernel",
              "programFiles": [
                "https://gitee.com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.c"
              ],
              "repo": "https://gitee.com/openeuler/kernel",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "c04a1c6afc6bca0fa5739ecf4f58e4723d82e82f",
                      "status": "unaffected"
                    },
                    {
                      "at": "4a049cbb02e83fdd7bd9400b6b6b27d1cda4fc99",
                      "status": "unaffected"
                    },
                    {
                      "at": "08f66d6cf651fabd9dff262c300cb8cd7f8f0741",
                      "status": "unaffected"
                    },
                    {
                      "at": "a3360846085a5558e5d8f9dd42a5c2e83345b4db",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "4.19.90-2403.4.0.0244",
                  "status": "affected",
                  "version": "4.19.90-2109.1.0.0108",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "chlu22@m.fudan.edu.cn"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "caoyh23@m.fudan.edu.cn"
            }
          ],
          "datePublic": "2024-04-03T02:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.\n\nThis issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T12:04:31.270Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1358"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1321"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1320"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1322"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Leakage in kernel",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2024-24898",
        "datePublished": "2024-04-15T12:04:31.270Z",
        "dateReserved": "2024-02-01T12:52:39.758Z",
        "dateUpdated": "2024-08-01T23:28:12.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24891 (GCVE-0-2024-24891)

    Vulnerability from cvelistv5 – Published: 2024-04-15 12:03 – Updated: 2024-08-20 17:41
    VLAI
    Title
    Information Leakage in kernel
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    openEuler kernel Affected: 4.19.90-2109.1.0.0108 , < 4.19.90-2403.4.0.0244 (git)
    Create a notification for this product.
    Date Public
    2024-04-03 02:06
    Credits
    chlu22@m.fudan.edu.cn caoyh23@m.fudan.edu.cn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:12.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1358"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/openeuler/kernel/pulls/2810"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1321"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1320"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1322"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24891",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-20T17:41:09.914934Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-20T17:41:19.874Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/openeuler",
              "defaultStatus": "unaffected",
              "packageName": "kernel",
              "platforms": [
                "Linux"
              ],
              "product": "kernel",
              "programFiles": [
                "https://gitee.com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.c"
              ],
              "repo": "https://gitee.com/openeuler/kernel",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "c04a1c6afc6bca0fa5739ecf4f58e4723d82e82f",
                      "status": "unaffected"
                    },
                    {
                      "at": "4a049cbb02e83fdd7bd9400b6b6b27d1cda4fc99",
                      "status": "unaffected"
                    },
                    {
                      "at": "08f66d6cf651fabd9dff262c300cb8cd7f8f0741",
                      "status": "unaffected"
                    },
                    {
                      "at": "a3360846085a5558e5d8f9dd42a5c2e83345b4db",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "4.19.90-2403.4.0.0244",
                  "status": "affected",
                  "version": "4.19.90-2109.1.0.0108",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "chlu22@m.fudan.edu.cn"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "caoyh23@m.fudan.edu.cn"
            }
          ],
          "datePublic": "2024-04-03T02:06:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C.\n\nThis issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-15T12:03:40.643Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1358"
            },
            {
              "url": "https://gitee.com/openeuler/kernel/pulls/2810"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1321"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1320"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1322"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Leakage in kernel",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2024-24891",
        "datePublished": "2024-04-15T12:03:40.643Z",
        "dateReserved": "2024-02-01T12:52:39.757Z",
        "dateUpdated": "2024-08-20T17:41:19.874Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24892 (GCVE-0-2024-24892)

    Vulnerability from cvelistv5 – Published: 2024-03-25 07:13 – Updated: 2024-08-01 23:28
    VLAI
    Title
    Unauthorized RCE in migration-tools
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    openEuler migration-tools Affected: 1.0.0 , ≤ 1.0.1 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24892",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T18:23:10.690321Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:43:29.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:12.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/migration-tools/pulls/12"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/openeuler",
              "defaultStatus": "unaffected",
              "packageName": "migration-tools",
              "platforms": [
                "Linux"
              ],
              "product": "migration-tools",
              "programFiles": [
                "https://gitee.com/openeuler/migration-tools/blob/master/index.py"
              ],
              "repo": "https://gitee.com/openeuler/migration-tools",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "05c594485849e261a528bdd694363b5bade32bbd",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.0.1",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/migration-tools/blob/master/index.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects migration-tools: from 1.0.0 through 1.0.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py.\n\nThis issue affects migration-tools: from 1.0.0 through 1.0.1.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-58",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-58 Restful Privilege Elevation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-25T07:13:46.510Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275"
            },
            {
              "url": "https://gitee.com/src-openeuler/migration-tools/pulls/12"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthorized RCE in migration-tools",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2024-24892",
        "datePublished": "2024-03-25T07:13:46.510Z",
        "dateReserved": "2024-02-01T12:52:39.757Z",
        "dateUpdated": "2024-08-01T23:28:12.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24899 (GCVE-0-2024-24899)

    Vulnerability from cvelistv5 – Published: 2024-03-25 07:13 – Updated: 2024-08-12 18:43
    VLAI
    Title
    Command injection in aops-zeus
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openEuler aops-zeus Affected: 1.2.0 , ≤ 1.4.0 (git)
    Create a notification for this product.
    openeuler aops-zeus Affected: 1.2.0 , ≤ 1.4.1 (git)
        cpe:2.3:a:openeuler:aops-zeus:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:aops-zeus:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "aops-zeus",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "1.4.1",
                    "status": "affected",
                    "version": "1.2.0",
                    "versionType": "git"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-21T19:10:20.384856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:43:05.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:13.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/108"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/107"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/openeuler",
              "defaultStatus": "unaffected",
              "packageName": "aops-zeus",
              "platforms": [
                "Linux"
              ],
              "product": "aops-zeus",
              "programFiles": [
                "https://gitee.com/openeuler/aops-zeus/blob/master/zeus/conf/constant.py"
              ],
              "repo": "https://gitee.com/openeuler/aops-zeus",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "508db6b6a65d0ff392dbab5d86c50d57c5057b5b",
                      "status": "unaffected"
                    },
                    {
                      "at": "b7899a20e869978020e1978fe54b361166a5cfef",
                      "status": "unaffected"
                    },
                    {
                      "at": "7e32e65bbd520a012a23f3d87124beab6e6bef5f",
                      "status": "unaffected"
                    },
                    {
                      "at": "3266b560d27c64446880497188f850364af00175",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-zeus on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects aops-zeus: from 1.2.0 through 1.4.0.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py.\n\nThis issue affects aops-zeus: from 1.2.0 through 1.4.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-25T07:13:13.251Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291"
            },
            {
              "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/108"
            },
            {
              "url": "https://gitee.com/src-openeuler/aops-zeus/pulls/107"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in aops-zeus",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2024-24899",
        "datePublished": "2024-03-25T07:13:13.251Z",
        "dateReserved": "2024-02-01T12:52:39.758Z",
        "dateUpdated": "2024-08-12T18:43:05.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24897 (GCVE-0-2024-24897)

    Vulnerability from cvelistv5 – Published: 2024-03-25 07:10 – Updated: 2024-08-12 18:46
    VLAI
    Title
    Remote command execution in A-Tune-Collector
    Summary
    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openEuler A-Tune-Collector Affected: 1.1.0-3 , ≤ 1.3.0 (git)
    Create a notification for this product.
    openeuler a-tune-collector Affected: 1.1.0-3 , ≤ 1.3.0 (git)
        cpe:2.3:a:openeuler:a-tune-collector:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    dbearzhu@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:13.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:a-tune-collector:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "a-tune-collector",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "1.3.0",
                    "status": "affected",
                    "version": "1.1.0-3",
                    "versionType": "git"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24897",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-25T18:24:40.607981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:46:09.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/openeuler",
              "defaultStatus": "unaffected",
              "packageName": "A-Tune-Collector",
              "platforms": [
                "Linux"
              ],
              "product": "A-Tune-Collector",
              "programFiles": [
                "https://gitee.com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.py"
              ],
              "repo": "https://gitee.com/openeuler/A-Tune-Collector",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "https://gitee.com/src-openeuler/A-Tune-Collector/commit/b457eb50cb7528a16a82812562f7627ec6712cf6",
                      "status": "unaffected"
                    },
                    {
                      "at": "https://gitee.com/src-openeuler/A-Tune-Collector/commit/588032f3067f01aef49ee2583888370cae015517",
                      "status": "unaffected"
                    },
                    {
                      "at": "https://gitee.com/src-openeuler/A-Tune-Collector/commit/d6923f8d15ba17b3c517dff289c12480023909ea",
                      "status": "unaffected"
                    },
                    {
                      "at": "https://gitee.com/src-openeuler/A-Tune-Collector/commit/9b4b6990517d5427a8b48a1beb4dfc233ff91a14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.0",
                  "status": "affected",
                  "version": "1.1.0-3",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "dbearzhu@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py.\n\nThis issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-25T07:10:48.934Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271"
            },
            {
              "url": "https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45"
            },
            {
              "url": "https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote command execution in A-Tune-Collector",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2024-24897",
        "datePublished": "2024-03-25T07:10:48.934Z",
        "dateReserved": "2024-02-01T12:52:39.758Z",
        "dateUpdated": "2024-08-12T18:46:09.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24890 (GCVE-0-2024-24890)

    Vulnerability from cvelistv5 – Published: 2024-03-25 07:09 – Updated: 2024-08-12 18:44
    VLAI
    Title
    Command injection in ioprobe of gala-gopher
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openEuler gala-gopher Affected: 0 , ≤ 1.0.2 (git)
    Create a notification for this product.
    openeuler gala-gopher Affected: 0 , ≤ 1.0.2 (git)
        cpe:2.3:a:openeuler:gala-gopher:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:28:13.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/gala-gopher/pulls/81"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/gala-gopher/pulls/85"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/gala-gopher/pulls/82"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:gala-gopher:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "gala-gopher",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "1.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "git"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24890",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-01T19:37:31.069507Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:44:27.814Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "packageName": "gala-gopher",
              "platforms": [
                "Linux"
              ],
              "product": "gala-gopher",
              "programFiles": [
                "https://gitee.com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c"
              ],
              "repo": "https://gitee.com/src-openeuler/gala-gopher",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "7389bb2057607dede5f0c9ba397add9a5c162850",
                      "status": "unaffected"
                    },
                    {
                      "at": "0ca5c078c3b1af40add007cffbdc0bd539a59fa0",
                      "status": "unaffected"
                    },
                    {
                      "at": "60c6826aa5f5e7e9598c2d5cb97663b0fabc5f49",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler gala-gopher on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects gala-gopher: through 1.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C.\n\nThis issue affects gala-gopher: through 1.0.2.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-25T07:09:25.879Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277"
            },
            {
              "url": "https://gitee.com/src-openeuler/gala-gopher/pulls/81"
            },
            {
              "url": "https://gitee.com/src-openeuler/gala-gopher/pulls/85"
            },
            {
              "url": "https://gitee.com/src-openeuler/gala-gopher/pulls/82"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection in ioprobe of gala-gopher",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2024-24890",
        "datePublished": "2024-03-25T07:09:25.879Z",
        "dateReserved": "2024-02-01T12:52:39.756Z",
        "dateUpdated": "2024-08-12T18:44:27.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33632 (GCVE-0-2021-33632)

    Vulnerability from cvelistv5 – Published: 2024-03-25 06:59 – Updated: 2024-08-03 23:58
    VLAI
    Title
    TOCTOU Race Condition problem in iSulad
    Summary
    Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    openEuler iSulad Affected: 2.0.18-13
    Affected: 2.1.4-1 , ≤ 2.1.4-2 (git)
    Create a notification for this product.
    openeuler isula Affected: 2.0.18-13
        cpe:2.3:a:openeuler:isula:2.0.18-13:*:*:*:*:*:*:*
    Create a notification for this product.
    openeuler isula Affected: 2.1.4-1 , ≤ 2.1.4-2 (git)
        cpe:2.3:a:openeuler:isula:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    dbearzhu@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:isula:2.0.18-13:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isula",
                "vendor": "openeuler",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.18-13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:isula:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isula",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "2.1.4-2",
                    "status": "affected",
                    "version": "2.1.4-1",
                    "versionType": "git"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33632",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T19:14:49.794932Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:19:38.237Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.422Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/openeuler",
              "defaultStatus": "unaffected",
              "packageName": "iSulad",
              "platforms": [
                "Linux"
              ],
              "product": "iSulad",
              "programFiles": [
                "https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c"
              ],
              "repo": "https://gitee.com/openeuler/iSulad",
              "vendor": "openEuler",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.18-13"
                },
                {
                  "changes": [
                    {
                      "at": "7cb6c860e9b56def7667096351cabf793dc5645a upgrade from upstream",
                      "status": "unaffected"
                    },
                    {
                      "at": "317841cf45d60159c14df77c2167a6ddcf673061 upgrade from upstream",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.1.4-2",
                  "status": "affected",
                  "version": "2.1.4-1",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "dbearzhu@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\u003c/p\u003e"
                }
              ],
              "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.\n\nThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-29",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-25T06:59:53.586Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TOCTOU Race Condition problem in iSulad",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33632",
        "datePublished": "2024-03-25T06:59:42.307Z",
        "dateReserved": "2021-05-28T14:26:05.941Z",
        "dateUpdated": "2024-08-03T23:58:21.422Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33633 (GCVE-0-2021-33633)

    Vulnerability from cvelistv5 – Published: 2024-03-23 11:29 – Updated: 2024-08-12 18:42
    VLAI
    Title
    Command Injection in aops-ceres
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openEuler aops-ceres Affected: 1.3.0 , ≤ 1.4.1 (git)
    Create a notification for this product.
    openeuler aops-zeus Affected: 1.3.0 , ≤ 1.4.1 (git)
        cpe:2.3:a:openeuler:aops-zeus:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1159"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/aops-ceres/pulls/159"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/aops-ceres/pulls/158"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:aops-zeus:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "aops-zeus",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "1.4.1",
                    "status": "affected",
                    "version": "1.3.0",
                    "versionType": "git"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33633",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-01T19:34:09.616801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T18:42:35.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "ceres"
              ],
              "packageName": "aops-ceres",
              "platforms": [
                "Linux"
              ],
              "product": "aops-ceres",
              "programFiles": [
                "https://gitee.com/openeuler/aops-ceres/blob/master/ceres/function/util.py"
              ],
              "repo": "https://gitee.com/src-openeuler/aops-ceres",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "261133e1d33ed24fedc775e426740dc749108310",
                      "status": "unaffected"
                    },
                    {
                      "at": "6aa4bd6c9e8cda79856343d9573170e85081a44d",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.4.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-ceres on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003eceres/function/util.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects aops-ceres: from 1.3.0 through 1.4.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py.\n\nThis issue affects aops-ceres: from 1.3.0 through 1.4.1.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-23T11:29:44.343Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1159"
            },
            {
              "url": "https://gitee.com/src-openeuler/aops-ceres/pulls/159"
            },
            {
              "url": "https://gitee.com/src-openeuler/aops-ceres/pulls/158"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection in aops-ceres",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33633",
        "datePublished": "2024-03-23T11:29:44.343Z",
        "dateReserved": "2021-05-28T14:26:05.941Z",
        "dateUpdated": "2024-08-12T18:42:35.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33631 (GCVE-0-2021-33631)

    Vulnerability from cvelistv5 – Published: 2024-01-18 15:05 – Updated: 2025-02-13 16:28
    VLAI
    Title
    Kernel crash in EXT4 filesystem
    Summary
    Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    openEuler kernel Affected: 4.19.90 , < 4.19.90-2401.3 (git)
    Affected: 5.10.0-60.18.0 , < 5.10.0-183.0.0 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33631",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T18:54:33.956367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T20:45:02.175Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1389"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1396"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/02/03/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "filesystem"
              ],
              "packageName": "kernel",
              "platforms": [
                "Linux"
              ],
              "product": "kernel",
              "programFiles": [
                "https://gitee.com/openeuler/kernel/blob/openEuler-22.03-LTS/fs/ext4/inline.c"
              ],
              "repo": "https://gitee.com/src-openeuler/kernel",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "cf1d16ea2f1086c0765348344b70aa2361436642 ext4: fix kernel BUG in \u0027ext4_write_inline_data_end()\u0027",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "4.19.90-2401.3",
                  "status": "affected",
                  "version": "4.19.90",
                  "versionType": "git"
                },
                {
                  "changes": [
                    {
                      "at": "1587126a0f2a79b3ee6cb309bbfaf079c39eda29 ext4: fix kernel BUG in \u0027ext4_write_inline_data_end()\u0027",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "5.10.0-183.0.0",
                  "status": "affected",
                  "version": "5.10.0-60.18.0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.\u003cp\u003eThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.\u003c/p\u003e"
                }
              ],
              "value": "Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-92",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-92 Forced Integer Overflow"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-03T00:06:22.864Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1032"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1033"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1034"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1035"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1389"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1396"
            },
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/02/03/1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Kernel crash in EXT4 filesystem",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33631",
        "datePublished": "2024-01-18T15:05:58.610Z",
        "dateReserved": "2021-05-28T14:26:05.941Z",
        "dateUpdated": "2025-02-13T16:28:21.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33630 (GCVE-0-2021-33630)

    Vulnerability from cvelistv5 – Published: 2024-01-18 15:00 – Updated: 2025-05-07 20:14
    VLAI
    Title
    NULL-ptr-deref in network sched
    Summary
    NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    openEuler kernel Affected: 4.19.90 , < 4.19.90-2401.3 (git)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/kernel/pulls/1389"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/02/03/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33630",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T20:14:40.648453Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T20:14:53.453Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "network"
              ],
              "packageName": "kernel",
              "platforms": [
                "Linux"
              ],
              "product": "kernel",
              "programFiles": [
                "https://gitee.com/openeuler/kernel/blob/openEuler-1.0-LTS/net/sched/sch_cbs.c"
              ],
              "repo": "https://gitee.com/src-openeuler/kernel",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "b2239f607df25fc401179e6dd4b7406f942a7632 net/sched: cbs: Fix not adding cbs instance to list",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "4.19.90-2401.3",
                  "status": "affected",
                  "version": "4.19.90",
                  "versionType": "git"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003enet/sched/sch_cbs.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.\u003c/p\u003e"
                }
              ],
              "value": "NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C.\n\nThis issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-129",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-129 Pointer Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-27T12:09:01.557Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030"
            },
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031"
            },
            {
              "url": "https://gitee.com/src-openeuler/kernel/pulls/1389"
            },
            {
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/4"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/5"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/30/10"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/31/3"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/01/31/2"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/02/02/6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/02/02/9"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/02/03/1"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "NULL-ptr-deref in network sched",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33630",
        "datePublished": "2024-01-18T15:00:49.312Z",
        "dateReserved": "2021-05-28T14:26:05.940Z",
        "dateUpdated": "2025-05-07T20:14:53.453Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33638 (GCVE-0-2021-33638)

    Vulnerability from cvelistv5 – Published: 2023-10-29 07:59 – Updated: 2024-09-09 14:09
    VLAI
    Title
    Run copy with container in a malicious directory may cause container escaping
    Summary
    When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
    Create a notification for this product.
    Credits
    panwenjie2@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.075Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33638",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:09:31.917709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:09:44.635Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "image"
              ],
              "packageName": "iSulad",
              "platforms": [
                "Linux"
              ],
              "product": "iSulad",
              "programFiles": [
                "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
              ],
              "repo": "https://gitee.com/src-openeuler/iSulad",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                      "status": "unaffected"
                    },
                    {
                      "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "panwenjie2@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
                }
              ],
              "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-480",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-480 Escaping Virtualization"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-29T07:59:45.026Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Run copy with container in a malicious directory may cause container escaping",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33638",
        "datePublished": "2023-10-29T07:59:45.026Z",
        "dateReserved": "2021-05-28T14:26:05.943Z",
        "dateUpdated": "2024-09-09T14:09:44.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33637 (GCVE-0-2021-33637)

    Vulnerability from cvelistv5 – Published: 2023-10-29 07:58 – Updated: 2024-09-09 14:10
    VLAI
    Title
    Export container in a malicious directory may cause process to be hijacked
    Summary
    When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
    Create a notification for this product.
    Credits
    panwenjie2@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33637",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:10:22.389662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:10:35.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "image"
              ],
              "packageName": "iSulad",
              "platforms": [
                "Linux"
              ],
              "product": "iSulad",
              "programFiles": [
                "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
              ],
              "repo": "https://gitee.com/src-openeuler/iSulad",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                      "status": "unaffected"
                    },
                    {
                      "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "panwenjie2@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
                }
              ],
              "value": "\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-29T07:58:55.220Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Export container in a malicious directory may cause process to be hijacked",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33637",
        "datePublished": "2023-10-29T07:58:55.220Z",
        "dateReserved": "2021-05-28T14:26:05.942Z",
        "dateUpdated": "2024-09-09T14:10:35.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33636 (GCVE-0-2021-33636)

    Vulnerability from cvelistv5 – Published: 2023-10-29 07:58 – Updated: 2024-09-09 14:15
    VLAI
    Title
    Load malicious images may cause process to be hijacked
    Summary
    When the isula load command is used to load malicious images, attackers can execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
    Create a notification for this product.
    openeuler isulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (custom)
        cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    panwenjie2@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isulad",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33636",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:11:00.313285Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:15:38.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "image"
              ],
              "packageName": "iSulad",
              "platforms": [
                "Linux"
              ],
              "product": "iSulad",
              "programFiles": [
                "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
              ],
              "repo": "https://gitee.com/src-openeuler/iSulad",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                      "status": "unaffected"
                    },
                    {
                      "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "panwenjie2@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
                }
              ],
              "value": "\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-29T07:58:05.033Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Load malicious images may cause process to be hijacked",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33636",
        "datePublished": "2023-10-29T07:58:05.033Z",
        "dateReserved": "2021-05-28T14:26:05.942Z",
        "dateUpdated": "2024-09-09T14:15:38.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33635 (GCVE-0-2021-33635)

    Vulnerability from cvelistv5 – Published: 2023-10-29 07:56 – Updated: 2024-09-09 14:20
    VLAI
    Title
    Pull malicious images may cause process to be hijacked
    Summary
    When malicious images are pulled by isula pull, attackers can execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    openEuler iSulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (patch)
    Create a notification for this product.
    openeuler isulad Affected: 0 , ≤ 2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2 (custom)
        cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    panwenjie2@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:openeuler:isulad:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "isulad",
                "vendor": "openeuler",
                "versions": [
                  {
                    "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:17:09.942436Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:20:16.034Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "image"
              ],
              "packageName": "iSulad",
              "platforms": [
                "Linux"
              ],
              "product": "iSulad",
              "programFiles": [
                "https://gitee.com/openeuler/iSulad/blob/master/src/utils/tar/util_archive.c"
              ],
              "repo": "https://gitee.com/src-openeuler/iSulad",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0102-fix-loading-of-nsswitch-based-config-inside-chr.patch",
                      "status": "unaffected"
                    },
                    {
                      "at": "0106-fix-loading-of-nsswitch-based-config-inside-chroot-u.patch",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.0.8-20210518.144540.git5288ed93,2.0.18-10,2.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "panwenjie2@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
                }
              ],
              "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-29T07:56:44.304Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files"
            },
            {
              "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Pull malicious images may cause process to be hijacked",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33635",
        "datePublished": "2023-10-29T07:56:44.304Z",
        "dateReserved": "2021-05-28T14:26:05.942Z",
        "dateUpdated": "2024-09-09T14:20:16.034Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33634 (GCVE-0-2021-33634)

    Vulnerability from cvelistv5 – Published: 2023-10-29 07:51 – Updated: 2024-09-09 14:22
    VLAI
    Title
    Malicious image running containers may cause DoS attacks
    Summary
    iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    openEuler lcr Affected: 0 , ≤ 2.0.9-6,2.1.2-3 (patch)
    Create a notification for this product.
    Credits
    panwenjie2@huawei.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/lcr/pulls/251/files"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/lcr/pulls/257/files"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1692"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33634",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-09T14:22:10.912559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T14:22:28.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitee.com/src-openeuler",
              "defaultStatus": "unaffected",
              "modules": [
                "runtime"
              ],
              "packageName": "lcr",
              "platforms": [
                "Linux"
              ],
              "product": "lcr",
              "programFiles": [
                "https://gitee.com/openeuler/lcr/blob/master/src/runtime/lcrcontainer.c"
              ],
              "repo": "https://gitee.com/src-openeuler/lcr",
              "vendor": "openEuler",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "0012-265-set-env-to-avoid-invoke-lxc-binary-directly.patch",
                      "status": "unaffected"
                    },
                    {
                      "at": "0008-266-set-env-to-avoid-invoke-lxc-binary-directly.patch",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.0.9-6,2.1.2-3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "patch"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "panwenjie2@huawei.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.\n\n"
                }
              ],
              "value": "iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-665",
                  "description": "CWE-665 Improper Initialization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-29T07:51:49.342Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://gitee.com/src-openeuler/lcr/pulls/251/files"
            },
            {
              "url": "https://gitee.com/src-openeuler/lcr/pulls/257/files"
            },
            {
              "url": "https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1692"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Malicious image running containers may cause DoS attacks",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33634",
        "datePublished": "2023-10-29T07:51:49.342Z",
        "dateReserved": "2021-05-28T14:26:05.941Z",
        "dateUpdated": "2024-09-09T14:22:28.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33639 (GCVE-0-2021-33639)

    Vulnerability from cvelistv5 – Published: 2023-03-08 00:00 – Updated: 2025-03-04 20:24
    VLAI
    Summary
    REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-749 - Exposed Dangerous Method or Function
    Assigner
    Impacted products
    Vendor Product Version
    n/a kernel Affected: <=4.19.90-2211.4.0.0177, <=5.10.0-60.67.0.92
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/openeuler/kernel/commit/e4d0684a3ce68e7f8e11408121e791cd80312b27"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33639",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T20:23:06.370820Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T20:24:10.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c=4.19.90-2211.4.0.0177, \u003c=5.10.0-60.67.0.92"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-749",
                  "description": "CWE-749: Exposed Dangerous Method or Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-08T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://gitee.com/openeuler/kernel/commit/e4d0684a3ce68e7f8e11408121e791cd80312b27"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33639",
        "datePublished": "2023-03-08T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-03-04T20:24:10.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33641 (GCVE-0-2021-33641)

    Vulnerability from cvelistv5 – Published: 2023-01-20 00:00 – Updated: 2025-04-03 20:03
    VLAI
    Summary
    When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a byacc Affected: <1.9.20200330 and <2.0.20210808
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33641",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:37:25.468877Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T20:03:08.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "byacc",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.9.20200330 and \u003c2.0.20210808"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 : use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-20T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33641",
        "datePublished": "2023-01-20T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-04-03T20:03:08.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33642 (GCVE-0-2021-33642)

    Vulnerability from cvelistv5 – Published: 2023-01-20 00:00 – Updated: 2025-04-02 14:47
    VLAI
    Summary
    When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a byacc Affected: <1.9.20200330 and <2.0.20210808
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T14:45:29.359598Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T14:47:37.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "byacc",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.9.20200330 and \u003c2.0.20210808"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-835",
                  "description": "CWE-835 : infinite loop",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-20T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33642",
        "datePublished": "2023-01-20T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-04-02T14:47:37.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33640 (GCVE-0-2021-33640)

    Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:58
    VLAI
    Summary
    After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.909Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640\u0026packageName=libtar"
              },
              {
                "name": "FEDORA-2022-88772d0a2d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
              },
              {
                "name": "FEDORA-2022-ccc68b06cc",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33640",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-17T14:57:23.132306Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T14:58:03.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openEuler 22.03 LTS",
              "vendor": "openEuler",
              "versions": [
                {
                  "status": "affected",
                  "version": " libtar 1.2.20-21"
                }
              ]
            },
            {
              "product": "openEuler 20.03 LTS SP1",
              "vendor": "openEuler",
              "versions": [
                {
                  "status": "affected",
                  "version": " libtar 1.2.20-19"
                }
              ]
            },
            {
              "product": "openEuler 20.03 LTS SP3",
              "vendor": "openEuler",
              "versions": [
                {
                  "status": "affected",
                  "version": " libtar 1.2.20-19"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t-\u003eth_buf) . As a result, the released memory is used (use-after-free)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-28T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640\u0026packageName=libtar"
            },
            {
              "name": "FEDORA-2022-88772d0a2d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
            },
            {
              "name": "FEDORA-2022-ccc68b06cc",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33640",
        "datePublished": "2022-12-19T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-04-17T14:58:03.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33643 (GCVE-0-2021-33643)

    Vulnerability from cvelistv5 – Published: 2022-08-09 00:00 – Updated: 2026-06-23 14:42
    VLAI
    Summary
    An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a libtar Affected: <1.2.21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:33:35.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
              },
              {
                "name": "FEDORA-2022-fe1a4e3cf0",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
              },
              {
                "name": "FEDORA-2022-50e8a1b51d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
              },
              {
                "name": "FEDORA-2022-44a20bba43",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
              },
              {
                "name": "FEDORA-2022-88772d0a2d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
              },
              {
                "name": "FEDORA-2022-ccc68b06cc",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-33643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T14:41:54.824443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T14:42:04.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libtar",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.2.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-28T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
            },
            {
              "name": "FEDORA-2022-fe1a4e3cf0",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
            },
            {
              "name": "FEDORA-2022-50e8a1b51d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
            },
            {
              "name": "FEDORA-2022-44a20bba43",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
            },
            {
              "name": "FEDORA-2022-88772d0a2d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
            },
            {
              "name": "FEDORA-2022-ccc68b06cc",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33643",
        "datePublished": "2022-08-09T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2026-06-23T14:42:04.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-33644 (GCVE-0-2021-33644)

    Vulnerability from cvelistv5 – Published: 2022-08-09 00:00 – Updated: 2025-11-03 20:33
    VLAI
    Summary
    An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a libtar Affected: <1.2.21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:33:37.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
              },
              {
                "name": "FEDORA-2022-fe1a4e3cf0",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
              },
              {
                "name": "FEDORA-2022-50e8a1b51d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
              },
              {
                "name": "FEDORA-2022-44a20bba43",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
              },
              {
                "name": "FEDORA-2022-88772d0a2d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
              },
              {
                "name": "FEDORA-2022-ccc68b06cc",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libtar",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.2.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-28T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
            },
            {
              "name": "FEDORA-2022-fe1a4e3cf0",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
            },
            {
              "name": "FEDORA-2022-50e8a1b51d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
            },
            {
              "name": "FEDORA-2022-44a20bba43",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
            },
            {
              "name": "FEDORA-2022-88772d0a2d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
            },
            {
              "name": "FEDORA-2022-ccc68b06cc",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33644",
        "datePublished": "2022-08-09T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-11-03T20:33:37.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-33646 (GCVE-0-2021-33646)

    Vulnerability from cvelistv5 – Published: 2022-08-09 00:00 – Updated: 2025-11-03 20:33
    VLAI
    Summary
    The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.
    Severity
    No CVSS data available.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    n/a libtar Affected: <1.2.21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:33:40.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
              },
              {
                "name": "FEDORA-2022-fe1a4e3cf0",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
              },
              {
                "name": "FEDORA-2022-50e8a1b51d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
              },
              {
                "name": "FEDORA-2022-44a20bba43",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
              },
              {
                "name": "FEDORA-2022-88772d0a2d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
              },
              {
                "name": "FEDORA-2022-ccc68b06cc",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libtar",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.2.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longname after allocating memory, which may cause a memory leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401: Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-28T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
            },
            {
              "name": "FEDORA-2022-fe1a4e3cf0",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
            },
            {
              "name": "FEDORA-2022-50e8a1b51d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
            },
            {
              "name": "FEDORA-2022-44a20bba43",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
            },
            {
              "name": "FEDORA-2022-88772d0a2d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
            },
            {
              "name": "FEDORA-2022-ccc68b06cc",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33646",
        "datePublished": "2022-08-09T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-11-03T20:33:40.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-33645 (GCVE-0-2021-33645)

    Vulnerability from cvelistv5 – Published: 2022-08-09 00:00 – Updated: 2025-11-03 20:33
    VLAI
    Summary
    The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
    Severity
    No CVSS data available.
    CWE
    • CWE-401 - Missing Release of Memory after Effective Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    n/a libtar Affected: <1.2.21
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T20:33:38.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
              },
              {
                "name": "FEDORA-2022-fe1a4e3cf0",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
              },
              {
                "name": "FEDORA-2022-50e8a1b51d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
              },
              {
                "name": "FEDORA-2022-44a20bba43",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
              },
              {
                "name": "FEDORA-2022-88772d0a2d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
              },
              {
                "name": "FEDORA-2022-ccc68b06cc",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libtar",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c1.2.21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The th_read() function doesn\u2019t free a variable t-\u003eth_buf.gnu_longlink after allocating memory, which may cause a memory leak."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401: Missing Release of Memory after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-28T00:00:00.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "url": "https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1807"
            },
            {
              "name": "FEDORA-2022-fe1a4e3cf0",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5YSHZY753R7XW6CIKJVAWI373WW3YRRJ/"
            },
            {
              "name": "FEDORA-2022-50e8a1b51d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OD4HEBSTI22FNYKOKK7W3X6ZQE6FV3XC/"
            },
            {
              "name": "FEDORA-2022-44a20bba43",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7Q26QDNOJDOFYWMJWEIK5XR62M2FF6IJ/"
            },
            {
              "name": "FEDORA-2022-88772d0a2d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
            },
            {
              "name": "FEDORA-2022-ccc68b06cc",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33645",
        "datePublished": "2022-08-09T00:00:00.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2025-11-03T20:33:38.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-33655 (GCVE-0-2021-33655)

    Vulnerability from cvelistv5 – Published: 2022-07-18 14:45 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a kernel Affected: 5.18 5.19.0-rc1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4"
              },
              {
                "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2"
              },
              {
                "name": "DSA-5191",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5191"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.18 5.19.0-rc1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-02T18:06:20.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4"
            },
            {
              "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2"
            },
            {
              "name": "DSA-5191",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5191"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2021-33655",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "kernel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.18 5.19.0-rc1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4"
                },
                {
                  "name": "[oss-security] 20220719 CVE-2021-33655: Linux kernel: When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.(5.18 5.19.0-rc1)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/07/19/2"
                },
                {
                  "name": "DSA-5191",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2022/dsa-5191"
                },
                {
                  "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33655",
        "datePublished": "2022-07-18T14:45:50.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33656 (GCVE-0-2021-33656)

    Vulnerability from cvelistv5 – Published: 2022-07-18 14:44 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a openEuler:kernel Affected: <5.10.127
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.558Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656\u0026packageName=kernel"
              },
              {
                "name": "[oss-security] 20220719 CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(\u003c5.10.127)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"
              },
              {
                "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openEuler:kernel",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c5.10.127"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-02T18:06:13.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656\u0026packageName=kernel"
            },
            {
              "name": "[oss-security] 20220719 CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(\u003c5.10.127)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"
            },
            {
              "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2021-33656",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openEuler:kernel",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c5.10.127"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787 Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch",
                  "refsource": "MISC",
                  "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch"
                },
                {
                  "name": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656\u0026packageName=kernel",
                  "refsource": "MISC",
                  "url": "https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33656\u0026packageName=kernel"
                },
                {
                  "name": "[oss-security] 20220719 CVE-2021-33656: Linux kernel: When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.(\u003c5.10.127)",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/07/19/3"
                },
                {
                  "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33656",
        "datePublished": "2022-07-18T14:44:28.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:21.558Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33654 (GCVE-0-2021-33654)

    Vulnerability from cvelistv5 – Published: 2022-06-27 16:26 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception.
    Severity
    No CVSS data available.
    CWE
    • CWE-369 - Division by Zero Exception
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a openEuler:mindspore Affected: >= 0.7.0-beta, < 1.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openEuler:mindspore",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Division by Zero Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T16:26:29.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2021-33654",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openEuler:mindspore",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-369 Division by Zero Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md",
                  "refsource": "MISC",
                  "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-001_en.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33654",
        "datePublished": "2022-06-27T16:26:29.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33653 (GCVE-0-2021-33653)

    Vulnerability from cvelistv5 – Published: 2022-06-27 16:25 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.
    Severity
    No CVSS data available.
    CWE
    • CWE-369 - Division by Zero Exception
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a openEuler:mindspore Affected: >= 0.7.0-beta, < 1.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openEuler:mindspore",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.7.0-beta, \u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369  Division by Zero Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T16:25:27.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2021-33653",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openEuler:mindspore",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 0.7.0-beta, \u003c 1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-369  Division by Zero Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md",
                  "refsource": "MISC",
                  "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-002_en.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33653",
        "datePublished": "2022-06-27T16:25:27.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33650 (GCVE-0-2021-33650)

    Vulnerability from cvelistv5 – Published: 2022-06-27 16:24 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a openEuler:mindspore Affected: >= 1.2.0, < 1.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:21.577Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openEuler:mindspore",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.2.0, \u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T16:24:12.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2021-33650",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openEuler:mindspore",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.2.0, \u003c 1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md",
                  "refsource": "MISC",
                  "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-005_en.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33650",
        "datePublished": "2022-06-27T16:24:12.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:21.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33651 (GCVE-0-2021-33651)

    Vulnerability from cvelistv5 – Published: 2022-06-27 16:23 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception.
    Severity
    No CVSS data available.
    CWE
    • CWE-369 - Division by Zero Exception
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a openEuler:mindspore Affected: >= 1.1.0, < 1.3.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "openEuler:mindspore",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.1.0, \u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-369",
                  "description": "CWE-369 Division by Zero Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-27T16:23:04.000Z",
            "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
            "shortName": "openEuler"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "securities@openeuler.org",
              "ID": "CVE-2021-33651",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "openEuler:mindspore",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e= 1.1.0, \u003c 1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-369 Division by Zero Exception"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md",
                  "refsource": "MISC",
                  "url": "https://gitee.com/mindspore/community/blob/master/security/security_advisory_list/mssa-2021-004_en.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "assignerShortName": "openEuler",
        "cveId": "CVE-2021-33651",
        "datePublished": "2022-06-27T16:23:04.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }