VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-fwws-cz11-aaag

Essentials
Severities (122)
References (31)
Severity details (33)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-fwws-cz11-aaag
Aliases	CVE-2021-21334 GHSA-6g2q-w5j3-fwh4
Summary	In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-668	Exposure of Resource to Wrong Sphere
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21334.html
cvssv3	6.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21334.json
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00119	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00124	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.0021	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.00274	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
epss	0.01443	https://api.first.org/data/v1/epss?cve=CVE-2021-21334
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1937935
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21334
cvssv3.1	6.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.3	https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
cvssv3.1	6.3	https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b
cvssv3.1	6.3	https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de
cvssv3.1	6.3	https://github.com/containerd/containerd/releases/tag/v1.3.10
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.3.10
cvssv3.1	6.3	https://github.com/containerd/containerd/releases/tag/v1.4.4
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.4.4
cvssv3.1	6.3	https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
generic_textual	MODERATE	https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
cvssv3.1	6.3	https://github.com/containerd/cri/pull/1628
generic_textual	MODERATE	https://github.com/containerd/cri/pull/1628
cvssv3.1	6.3	https://github.com/containerd/cri/pull/1629
generic_textual	MODERATE	https://github.com/containerd/cri/pull/1629
cvssv3.1	6.3	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE
cvssv3.1	6.3	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT
cvssv3.1	6.3	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2021-21334
cvssv3	6.3	https://nvd.nist.gov/vuln/detail/CVE-2021-21334
cvssv3.1	6.3	https://nvd.nist.gov/vuln/detail/CVE-2021-21334
archlinux	Medium	https://security.archlinux.org/AVG-1650
cvssv3.1	6.3	https://security.gentoo.org/glsa/202105-33
generic_textual	MODERATE	https://security.gentoo.org/glsa/202105-33
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4881-1

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-21334.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21334.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-21334
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21334
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e
		https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b
		https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de
		https://github.com/containerd/containerd/releases/tag/v1.3.10
		https://github.com/containerd/containerd/releases/tag/v1.4.4
		https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4
		https://github.com/containerd/cri/pull/1628
		https://github.com/containerd/cri/pull/1629
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/
		https://security.gentoo.org/glsa/202105-33
		https://ubuntu.com/security/notices/USN-4881-1
1937935		https://bugzilla.redhat.com/show_bug.cgi?id=1937935
AVG-1650		https://security.archlinux.org/AVG-1650
cpe:2.3:a:linuxfoundation:containerd::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd::::::::
cpe:2.3:o:fedoraproject:fedora:33:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
cpe:2.3:o:fedoraproject:fedora:34:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:::::::*
CVE-2021-21334		https://nvd.nist.gov/vuln/detail/CVE-2021-21334
USN-4881-1		https://usn.ubuntu.com/4881-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21334.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/releases/tag/v1.3.10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/releases/tag/v1.4.4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/cri/pull/1628

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://github.com/containerd/cri/pull/1629

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21334

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21334

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-21334

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/202105-33

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.46639
EPSS Score	0.00119
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.