CVE-2021-33632

EUVD-2021-20309
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program files https://gitee.Com/openeuler/iSulad/blob/master/src/cmd/isulad/main.C.

This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
openeulerisula
2.1.4-1 ≤
𝑥
≤ 2.1.4-2
ADP
Common Weakness Enumeration
References
https://gitee.com/src-openeuler/iSulad/pulls/639
https://gitee.com/src-openeuler/iSulad/pulls/640
https://gitee.com/src-openeuler/iSulad/pulls/645
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307
https://gitee.com/src-openeuler/iSulad/pulls/639
https://gitee.com/src-openeuler/iSulad/pulls/640
https://gitee.com/src-openeuler/iSulad/pulls/645
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307