Showing 1 - 6 of 6

CVE-2021-20291

Status Candidate

Overview

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Related Files

Red Hat Security Advisory 2022-7955-01: Posted Nov 16, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7955-01 - The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2021-20291, CVE-2021-33198; SHA-256 | 4e0707644ecf9e9421cd830bd73cba92844a7435320b5b6a805437f694882ab1; Download | Favorite | View

Red Hat Security Advisory 2022-8008-01: Posted Nov 16, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-8008-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include denial of service and information leakage vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2021-20291, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2022-27191, CVE-2022-2989, CVE-2022-2990; SHA-256 | f27bc3e529f8aa8ebd57f3027862054868818878916e80cbd4d078f8cadc588f; Download | Favorite | View

Red Hat Security Advisory 2022-7954-01: Posted Nov 16, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-7954-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2020-28851, CVE-2020-28852, CVE-2021-20199, CVE-2021-20291, CVE-2021-33197, CVE-2021-34558, CVE-2021-4024, CVE-2022-27191; SHA-256 | a8180c3a1689b71a9ce4a9b23b35c42e5c48899cbe6d18ebd18e254562e3d69c; Download | Favorite | View

Red Hat Security Advisory 2021-4154-03: Posted Nov 10, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4154-03 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2021-20291, CVE-2021-3602; SHA-256 | ab8fbead7b6dbcc1dcd05b778178c796c53d317e9279b9060b9cac21a1e40016; Download | Favorite | View

Red Hat Security Advisory 2021-2438-01: Posted Jul 28, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.; tags | advisory, remote, denial of service, shell, vulnerability, code execution; systems | linux, redhat; advisories | CVE-2016-2183, CVE-2020-15106, CVE-2020-15112, CVE-2020-15113, CVE-2020-15114, CVE-2020-15136, CVE-2020-26160, CVE-2020-26541, CVE-2020-28469, CVE-2020-28500, CVE-2020-28852, CVE-2020-7774, CVE-2021-20206, CVE-2021-20271, CVE-2021-20291, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22133, CVE-2021-23337, CVE-2021-23362, CVE-2021-23368, CVE-2021-23382, CVE-2021-25735; SHA-256 | 44f1588b77c38919a903c4dffe0b5b58cf96f91a447694471f228851a5f89f6d; Download | Favorite | View

Red Hat Security Advisory 2021-1150-01: Posted Apr 21, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-1150-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2021-20291; SHA-256 | cb0b05054e01dacfc97259c7111ab5d6358375e32e414ffad4b6c7394ff1feef; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2021-20291

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems