FKIE_CVE-2022-1708

Vulnerability from fkie_nvd - Published: 2022-06-07 18:15 - Updated: 2024-11-21 06:41
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2085361Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544Patch
secalert@redhat.comhttps://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6jExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2085361Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6jExploit, Third Party Advisory
Impacted products
Vendor Product Version
kubernetes cri-o *
kubernetes cri-o *
kubernetes cri-o *
kubernetes cri-o *
kubernetes cri-o *
kubernetes cri-o 1.24.0
fedoraproject fedora 36
redhat openshift_container_platform 3.11
redhat openshift_container_platform 4.0
redhat openshift_container_platform 4.9
redhat openshift_container_platform 4.10
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E25362D4-3C3F-48AF-81AE-50CE805F974A",
              "versionEndExcluding": "1.19.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C3A477-64E2-46BD-9E44-47FB9ED115F3",
              "versionEndExcluding": "1.20.8",
              "versionStartIncluding": "1.20.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF3C397-08CE-4AF8-A168-2A770B2AE3DF",
              "versionEndExcluding": "1.21.8",
              "versionStartIncluding": "1.21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6158FA5-6970-4A24-8D7D-5AC9F2C71BA7",
              "versionEndExcluding": "1.22.5",
              "versionStartIncluding": "1.22.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:cri-o:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D97A9E-BD57-4E36-8D81-B54CFB11ECF1",
              "versionEndExcluding": "1.23.3",
              "versionStartIncluding": "1.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kubernetes:cri-o:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66A6A88D-64CF-4C2B-99C3-202DE455D50C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "81609549-25CE-4C8A-9DE3-170D23704208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0595C9F8-9C7A-4FC1-B7EE-52978A1B1E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en CRI-O que causa el agotamiento de la memoria o del espacio en disco en el nodo para cualquiera que tenga acceso a la API de Kube. La petici\u00f3n ExecSync ejecuta comandos en un contenedor y registra la salida del comando. Esta salida es le\u00edda por CRI-O despu\u00e9s de la ejecuci\u00f3n del comando, y es le\u00edda de manera que el archivo completo correspondiente a la salida del comando es le\u00eddo. As\u00ed, si la salida del comando es grande es posible agotar la memoria o el espacio en disco del nodo cuando CRI-O lee la salida del comando. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2022-1708",
  "lastModified": "2024-11-21T06:41:17.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-07T18:15:11.640",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085361"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/cri-o/cri-o/commit/f032cf649ecc7e0c46718bd9e7814bfb317cb544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-fcm2-6c3h-pg6j"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.