VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-us2v-fh9z-aaaa

Essentials
Severities (118)
References (21)
Severity details (25)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-us2v-fh9z-aaaa
Aliases	CVE-2021-43784 GHSA-v95c-p5hm-xq8f
Summary	runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
cvssv3	5.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43784.json
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00131	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.0015	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00163	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00398	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00398	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00398	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00398	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00528	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
epss	0.00817	https://api.first.org/data/v1/epss?cve=CVE-2021-43784
cvssv3.1	6.0	https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
generic_textual	MODERATE	https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=2029439
cvssv3.1	3.6	https://github.com/opencontainers/runc
generic_textual	LOW	https://github.com/opencontainers/runc
cvssv3.1	6.0	https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
cvssv3.1	6.0	https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
cvssv3.1	6.0	https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77
cvssv3.1	6.0	https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
generic_textual	MODERATE	https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
cvssv3.1	6.0	https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
generic_textual	MODERATE	https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
cvssv3.1	6.0	https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html
generic_textual	MODERATE	https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html
cvssv3.1	8.6	https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
cvssv2	6.0	https://nvd.nist.gov/vuln/detail/CVE-2021-43784
cvssv3	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-43784
cvssv3.1	5.0	https://nvd.nist.gov/vuln/detail/CVE-2021-43784
cvssv3.1	6.0	https://pkg.go.dev/vuln/GO-2022-0274
generic_textual	MODERATE	https://pkg.go.dev/vuln/GO-2022-0274
archlinux	Low	https://security.archlinux.org/AVG-2599

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43784.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-43784
		https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43784
		https://github.com/opencontainers/runc
		https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
		https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
		https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77
		https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
		https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
		https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html
		https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html
		https://pkg.go.dev/vuln/GO-2022-0274
2029439		https://bugzilla.redhat.com/show_bug.cgi?id=2029439
AVG-2599		https://security.archlinux.org/AVG-2599
cpe:2.3:a:linuxfoundation:runc::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc::::::::
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
CVE-2021-43784		https://nvd.nist.gov/vuln/detail/CVE-2021-43784
GLSA-202408-25		https://security.gentoo.org/glsa/202408-25
RHSA-2023:6380		https://access.redhat.com/errata/RHSA-2023:6380
USN-6088-2		https://usn.ubuntu.com/6088-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43784.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://bugs.chromium.org/p/project-zero/issues/detail?id=2241

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/opencontainers/runc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43784

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43784

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-43784

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Found at https://pkg.go.dev/vuln/GO-2022-0274

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.33904
EPSS Score	0.0013
Published At	May 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.