Denial of service in Containers Project Storage



Published: 2021-04-01 | Updated: 2022-05-04
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-20291
CWE-ID CWE-667
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Storage
Server applications / Other server solutions

Vendor

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper locking

EUVDB-ID: #VU62797

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20291

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Storage: before 1.28.1


CPE2.3 External links

http://bugzilla.redhat.com/show_bug.cgi?id=1939485
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/
http://unit42.paloaltonetworks.com/cve-2021-20291/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###