7

CVE-2021-33632

TOCTOU Race Condition problem in iSulad

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.

This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstelleropeneuler
Produkt isula
Default Statusunknown
Version 2.0.18-13
Status affected
Herstelleropeneuler
Produkt isula
Default Statusunknown
Version <= 2.1.4-2
Version 2.1.4-1
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.042
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
securities@openeuler.org 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://gitee.com/src-openeuler/iSulad/pulls/639
https://gitee.com/src-openeuler/iSulad/pulls/640
https://gitee.com/src-openeuler/iSulad/pulls/645
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307