Search criteria
3 vulnerabilities found for mirantis_container_runtime by mirantis
FKIE_CVE-2021-23218
Vulnerability from fkie_nvd - Published: 2022-01-10 16:15 - Updated: 2024-11-21 05:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@mirantis.com | https://github.com/Mirantis/security/blob/main/advisories/0002.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mirantis/security/blob/main/advisories/0002.md | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mirantis | mirantis_container_runtime | 20.10.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mirantis:mirantis_container_runtime:20.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C42176-87FD-40D6-A58A-40DE97AF7963",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service."
},
{
"lang": "es",
"value": "Cuando es ejecutado con el modo FIPS habilitado, Mirantis Container Runtime versi\u00f3n 20.10.8 presenta un p\u00e9rdida de memoria durante los Handshakes TLS que podr\u00eda ser abusada para causar una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-23218",
"lastModified": "2024-11-21T05:51:23.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@mirantis.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-10T16:15:08.500",
"references": [
{
"source": "psirt@mirantis.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
],
"sourceIdentifier": "psirt@mirantis.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "psirt@mirantis.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-23218 (GCVE-0-2021-23218)
Vulnerability from cvelistv5 – Published: 2022-01-10 15:05 – Updated: 2024-08-03 19:05
VLAI?
Summary
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.
Severity ?
5.3 (Medium)
CWE
- CWE-401 - Improper Release of Memory Before Removing Last Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirantis | Mirantis Container Runtime |
Affected:
20.10.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mirantis Container Runtime",
"vendor": "Mirantis",
"versions": [
{
"status": "affected",
"version": "20.10.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T15:05:45",
"orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"shortName": "Mirantis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
],
"source": {
"advisory": "0002",
"discovery": "INTERNAL"
},
"title": "Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "Disable FIPS mode"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mirantis.com",
"ID": "CVE-2021-23218",
"STATE": "PUBLIC",
"TITLE": "Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mirantis Container Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "20.10",
"version_value": "20.10.8"
}
]
}
}
]
},
"vendor_name": "Mirantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mirantis/security/blob/main/advisories/0002.md",
"refsource": "MISC",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
]
},
"source": {
"advisory": "0002",
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable FIPS mode"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"assignerShortName": "Mirantis",
"cveId": "CVE-2021-23218",
"datePublished": "2022-01-10T15:05:45",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23218 (GCVE-0-2021-23218)
Vulnerability from nvd – Published: 2022-01-10 15:05 – Updated: 2024-08-03 19:05
VLAI?
Summary
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.
Severity ?
5.3 (Medium)
CWE
- CWE-401 - Improper Release of Memory Before Removing Last Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirantis | Mirantis Container Runtime |
Affected:
20.10.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mirantis Container Runtime",
"vendor": "Mirantis",
"versions": [
{
"status": "affected",
"version": "20.10.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T15:05:45",
"orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"shortName": "Mirantis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
],
"source": {
"advisory": "0002",
"discovery": "INTERNAL"
},
"title": "Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service",
"workarounds": [
{
"lang": "en",
"value": "Disable FIPS mode"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mirantis.com",
"ID": "CVE-2021-23218",
"STATE": "PUBLIC",
"TITLE": "Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mirantis Container Runtime",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "20.10",
"version_value": "20.10.8"
}
]
}
}
]
},
"vendor_name": "Mirantis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401 Improper Release of Memory Before Removing Last Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mirantis/security/blob/main/advisories/0002.md",
"refsource": "MISC",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md"
}
]
},
"source": {
"advisory": "0002",
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Disable FIPS mode"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"assignerShortName": "Mirantis",
"cveId": "CVE-2021-23218",
"datePublished": "2022-01-10T15:05:45",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T19:05:55.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}