CVE-2021-33632 - Vulnerability Details - OpenCVE

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://gitee.com/src-openeuler/iSulad/pulls/639
https://gitee.com/src-openeuler/iSulad/pulls/640
https://gitee.com/src-openeuler/iSulad/pulls/645
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307

History

No history.

MITRE

Status: PUBLISHED

Assigner: openEuler

Published: 2024-03-25T06:59:42.307Z

Updated: 2024-08-03T23:58:21.422Z

Reserved: 2021-05-28T14:26:05.941Z

Link: CVE-2021-33632

Vulnrichment

Updated: 2024-08-03T23:58:21.422Z

NVD

Status : Awaiting Analysis

Published: 2024-03-25T07:15:49.630

Modified: 2024-11-21T06:09:14.273

Link: CVE-2021-33632

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-33632", "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "state": "PUBLISHED", "assignerShortName": "openEuler", "dateReserved": "2021-05-28T14:26:05.941Z", "datePublished": "2024-03-25T06:59:42.307Z", "dateUpdated": "2024-08-03T23:58:21.422Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://gitee.com/openeuler", "defaultStatus": "unaffected", "packageName": "iSulad", "platforms": ["Linux"], "product": "iSulad", "programFiles": ["https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c"], "repo": "https://gitee.com/openeuler/iSulad", "vendor": "openEuler", "versions": [{"status": "affected", "version": "2.0.18-13"}, {"changes": [{"at": "7cb6c860e9b56def7667096351cabf793dc5645a upgrade from upstream", "status": "unaffected"}, {"at": "317841cf45d60159c14df77c2167a6ddcf673061 upgrade from upstream", "status": "unaffected"}], "lessThanOrEqual": "2.1.4-2", "status": "affected", "version": "2.1.4-1", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "dbearzhu@huawei.com"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.<p> This vulnerability is associated with program files <tt>https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C</tt>.</p><p>This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.</p>"}], "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.\n\nThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\n\n"}], "impacts": [{"capecId": "CAPEC-29", "descriptions": [{"lang": "en", "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler", "dateUpdated": "2024-03-25T06:59:53.586Z"}, "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/645"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/640"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/639"}], "source": {"discovery": "UNKNOWN"}, "title": "TOCTOU Race Condition problem in iSulad", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "openeuler", "product": "isula", "cpes": ["cpe:2.3:a:openeuler:isula:2.0.18-13:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.18-13", "status": "affected"}]}, {"vendor": "openeuler", "product": "isula", "cpes": ["cpe:2.3:a:openeuler:isula:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.1.4-1", "status": "affected", "lessThanOrEqual": "2.1.4-2", "versionType": "git"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T19:14:49.794932Z", "id": "CVE-2021-33632", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:19:38.237Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:21.422Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307", "tags": ["x_transferred"]}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287", "tags": ["x_transferred"]}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290", "tags": ["x_transferred"]}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/645", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/640", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/639", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307", "tags": ["x_transferred"]}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287", "tags": ["x_transferred"]}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290", "tags": ["x_transferred"]}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/645", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/640", "tags": ["x_transferred"]}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/639", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:21.422Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-33632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T19:14:49.794932Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openeuler:isula:2.0.18-13:*:*:*:*:*:*:*"], "vendor": "openeuler", "product": "isula", "versions": [{"status": "affected", "version": "2.0.18-13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:openeuler:isula:*:*:*:*:*:*:*:*"], "vendor": "openeuler", "product": "isula", "versions": [{"status": "affected", "version": "2.1.4-1", "versionType": "git", "lessThanOrEqual": "2.1.4-2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:19:31.176Z"}}], "cna": {"title": "TOCTOU Race Condition problem in iSulad", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "dbearzhu@huawei.com"}], "impacts": [{"capecId": "CAPEC-29", "descriptions": [{"lang": "en", "value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://gitee.com/openeuler/iSulad", "vendor": "openEuler", "product": "iSulad", "versions": [{"status": "affected", "version": "2.0.18-13"}, {"status": "affected", "changes": [{"at": "7cb6c860e9b56def7667096351cabf793dc5645a upgrade from upstream", "status": "unaffected"}, {"at": "317841cf45d60159c14df77c2167a6ddcf673061 upgrade from upstream", "status": "unaffected"}], "version": "2.1.4-1", "versionType": "git", "lessThanOrEqual": "2.1.4-2"}], "platforms": ["Linux"], "packageName": "iSulad", "programFiles": ["https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c"], "collectionURL": "https://gitee.com/openeuler", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"}, {"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/645"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/640"}, {"url": "https://gitee.com/src-openeuler/iSulad/pulls/639"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.\n\nThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\n\n", "supportingMedia": [{"type": "text/html", "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions.<p> This vulnerability is associated with program files <tt>https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C</tt>.</p><p>This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "shortName": "openEuler", "dateUpdated": "2024-03-25T06:59:53.586Z"}}}, "cveMetadata": {"cveId": "CVE-2021-33632", "state": "PUBLISHED", "dateUpdated": "2024-08-03T23:58:21.422Z", "dateReserved": "2021-05-28T14:26:05.941Z", "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2", "datePublished": "2024-03-25T06:59:42.307Z", "assignerShortName": "openEuler"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.\n\nThis issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU) en openEuler iSulad en Linux permite aprovechar las condiciones de ejecuci\u00f3n de tiempo de verificaci\u00f3n y tiempo de uso (TOCTOU). Esta vulnerabilidad est\u00e1 asociada con archivos de programa https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C. Este problema afecta a iSulad: 2.0.18-13, desde 2.1.4-1 hasta 2.1.4-2."}], "id": "CVE-2021-33632", "lastModified": "2024-11-21T06:09:14.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "securities@openeuler.org", "type": "Secondary"}]}, "published": "2024-03-25T07:15:49.630", "references": [{"source": "securities@openeuler.org", "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"}, {"source": "securities@openeuler.org", "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"}, {"source": "securities@openeuler.org", "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"}, {"source": "securities@openeuler.org", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"}, {"source": "securities@openeuler.org", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"}, {"source": "securities@openeuler.org", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"}, {"source": "securities@openeuler.org", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitee.com/src-openeuler/iSulad/pulls/639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitee.com/src-openeuler/iSulad/pulls/640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://gitee.com/src-openeuler/iSulad/pulls/645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307"}], "sourceIdentifier": "securities@openeuler.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "securities@openeuler.org", "type": "Secondary"}]}