CVE-2021-20291
Description
A deadlock vulnerability was found in github.com/containers/storage in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive, the resulting error leads to an unexpected situation in which the code waits indefinitely for the tar unpack stream, which never finishes. An attacker could use this vulnerability to craft a malicious image which, when downloaded and stored by an application using containers/storage, would cause a deadlock leading to a Denial of Service (DoS).
Risk Information
Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 1.026
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2022:7955) skopeo security and bug fix update skopeo-1.9.2-1.el9.x86_64.rpm | Linux |
| (RHSA-2022:7955) skopeo security and bug fix update skopeo-debugsource-1.9.2-1.el9.x86_64.rpm | Linux |
| (RHSA-2022:7955) skopeo security and bug fix update skopeo-tests-1.9.2-1.el9.x86_64.rpm | Linux |
| (RHSA-2022:8008) buildah security and bug fix update buildah-1.27.0-2.el9.x86_64.rpm | Linux |
| (RHSA-2022:8008) buildah security and bug fix update buildah-debugsource-1.27.0-2.el9.x86_64.rpm | Linux |
| (RHSA-2022:8008) buildah security and bug fix update buildah-tests-1.27.0-2.el9.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update buildah-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update buildah-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update buildah-debugsource-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update buildah-tests-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update buildah-tests-debuginfo-1.22.3-2.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update cockpit-podman-33-1.module+el8.5.0+12582+56d94c81.noarch.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update conmon-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update conmon-debuginfo-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update conmon-debugsource-2.0.29-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update container-selinux-2.167.0-1.module+el8.5.0+12582+56d94c81.noarch.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update containernetworking-plugins-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update containernetworking-plugins-debuginfo-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update containernetworking-plugins-debugsource-1.0.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update containers-common-1-2.module+el8.5.0+12582+56d94c81.noarch.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update crit-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update criu-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update criu-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update criu-debugsource-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update criu-devel-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update criu-libs-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update criu-libs-debuginfo-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update crun-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update crun-debuginfo-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update crun-debugsource-1.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update fuse-overlayfs-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update fuse-overlayfs-debuginfo-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update fuse-overlayfs-debugsource-1.7.1-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update libslirp-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update libslirp-debuginfo-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update libslirp-debugsource-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update libslirp-devel-4.4.0-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update oci-seccomp-bpf-hook-debuginfo-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update oci-seccomp-bpf-hook-debugsource-1.2.3-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-catatonit-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-catatonit-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-debugsource-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-docker-3.3.1-9.module+el8.5.0+12697+018f24d7.noarch.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-gvproxy-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-gvproxy-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-plugins-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-plugins-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-remote-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-remote-debuginfo-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update podman-tests-3.3.1-9.module+el8.5.0+12697+018f24d7.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update python3-criu-3.15-3.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update python3-podman-3.2.0-2.module+el8.5.0+12582+56d94c81.noarch.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update runc-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update runc-debuginfo-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update runc-debugsource-1.0.2-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update skopeo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update skopeo-debuginfo-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update skopeo-debugsource-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update skopeo-tests-1.4.2-0.1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update slirp4netns-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update slirp4netns-debuginfo-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update slirp4netns-debugsource-1.1.8-1.module+el8.5.0+12582+56d94c81.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update toolbox-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update toolbox-debuginfo-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update toolbox-debugsource-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update toolbox-tests-0.0.99.3-0.4.module+el8.5.0+12682+a4eeb084.x86_64.rpm | Linux |
| (RHSA-2021:4154)Moderate: security, bug fix, and enhancement update udica-0.2.5-2.module+el8.5.0+12582+56d94c81.noarch.rpm | Linux |
| SUSE-SU-2022:23018-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libseccomp2-2.5.3-150300.10.5.1.x86_64.rpm | Linux |
| SUSE-SU-2022:23018-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libseccomp-devel-2.5.3-150300.10.5.1.x86_64.rpm | Linux |
| SUSE-SU-2022:23018-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libcontainers-common-20210626-150300.8.3.1.noarch.rpm | Linux |
| SUSE-SU-2022:23018-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libseccomp2-debuginfo-2.5.3-150300.10.5.1.x86_64.rpm | Linux |
| SUSE-SU-2022:23018-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) libseccomp-debugsource-2.5.3-150300.10.5.1.x86_64.rpm | Linux |
| Buildah update (ELSA-2021-4154) buildah-1.22.3-2.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Buildah-tests update (ELSA-2021-4154) buildah-tests-1.22.3-2.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Cockpit-podman update (ELSA-2021-4154) cockpit-podman-33-1.module+el8.5.0+20416+d687fed7.noarch.rpm | Linux |
| Conmon update (ELSA-2021-4154) conmon-2.0.29-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Container-selinux update (ELSA-2021-4154) container-selinux-2.167.0-1.module+el8.5.0+20416+d687fed7.noarch.rpm | Linux |
| Containernetworking-plugins update (ELSA-2021-4154) containernetworking-plugins-1.0.0-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Containers-common update (ELSA-2021-4154) containers-common-1-2.0.2.module+el8.5.0+20424+d687fed7.noarch.rpm | Linux |
| Crit update (ELSA-2021-4154) crit-3.15-3.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Criu update (ELSA-2021-4154) criu-3.15-3.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Criu-devel update (ELSA-2021-4154) criu-devel-3.15-3.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Criu-libs update (ELSA-2021-4154) criu-libs-3.15-3.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Crun update (ELSA-2021-4154) crun-1.0-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Fuse-overlayfs update (ELSA-2021-4154) fuse-overlayfs-1.7.1-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Libslirp update (ELSA-2021-4154) libslirp-4.4.0-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Libslirp-devel update (ELSA-2021-4154) libslirp-devel-4.4.0-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Oci-seccomp-bpf-hook update (ELSA-2021-4154) oci-seccomp-bpf-hook-1.2.3-3.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Podman update (ELSA-2021-4154) podman-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Podman-catatonit update (ELSA-2021-4154) podman-catatonit-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Podman-docker update (ELSA-2021-4154) podman-docker-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.noarch.rpm | Linux |
| Podman-gvproxy update (ELSA-2021-4154) podman-gvproxy-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Podman-plugins update (ELSA-2021-4154) podman-plugins-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Podman-remote update (ELSA-2021-4154) podman-remote-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Podman-tests update (ELSA-2021-4154) podman-tests-3.3.1-9.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Python3-criu update (ELSA-2021-4154) python3-criu-3.15-3.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Python3-podman update (ELSA-2021-4154) python3-podman-3.2.0-2.module+el8.5.0+20416+d687fed7.noarch.rpm | Linux |
| Runc update (ELSA-2021-4154) runc-1.0.2-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Skopeo update (ELSA-2021-4154) skopeo-1.4.2-0.1.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Skopeo-tests update (ELSA-2021-4154) skopeo-tests-1.4.2-0.1.0.1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Slirp4netns update (ELSA-2021-4154) slirp4netns-1.1.8-1.module+el8.5.0+20416+d687fed7.x86_64.rpm | Linux |
| Udica update (ELSA-2021-4154) udica-0.2.5-2.module+el8.5.0+20416+d687fed7.noarch.rpm | Linux |
Patch Details
No records found