Vulnerability details: VCID-xm6z-ve9f-aaae
Vulnerability ID VCID-xm6z-ve9f-aaae
Aliases CVE-2021-20291
GHSA-7qw8-847f-pggm
Summary A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive, this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image which, when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Weaknesses (2)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:1150
rhas Moderate https://access.redhat.com/errata/RHSA-2021:2438
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4154
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20291.json
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2021-20291
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2021-20291
epss 0.00433 https://api.first.org/data/v1/epss?cve=CVE-2021-20291
epss 0.00524 https://api.first.org/data/v1/epss?cve=CVE-2021-20291
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://github.com/containers/storage
generic_textual MODERATE https://github.com/containers/storage
cvssv3.1 6.5 https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
generic_textual MODERATE https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
cvssv3.1 6.5 https://github.com/containers/storage/pull/860
generic_textual MODERATE https://github.com/containers/storage/pull/860
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM
cvssv2 7.1 https://nvd.nist.gov/vuln/detail/CVE-2021-20291
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20291
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20291
cvssv3.1 6.5 https://pkg.go.dev/vuln/GO-2021-0100
generic_textual MODERATE https://pkg.go.dev/vuln/GO-2021-0100
cvssv3.1 6.5 https://unit42.paloaltonetworks.com/cve-2021-20291
generic_textual MODERATE https://unit42.paloaltonetworks.com/cve-2021-20291
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20291.json
https://api.first.org/data/v1/epss?cve=CVE-2021-20291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20291
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/containers/storage
https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
https://github.com/containers/storage/pull/860
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/
https://pkg.go.dev/vuln/GO-2021-0100
https://unit42.paloaltonetworks.com/cve-2021-20291
https://unit42.paloaltonetworks.com/cve-2021-20291/
988942 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988942
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:storage_project:storage:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:storage_project:storage:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVE-2021-20291 https://nvd.nist.gov/vuln/detail/CVE-2021-20291
RHBA-2022:0348 https://bugzilla.redhat.com/show_bug.cgi?id=1939485
RHSA-2021:1150 https://access.redhat.com/errata/RHSA-2021:1150
RHSA-2021:2438 https://access.redhat.com/errata/RHSA-2021:2438
RHSA-2021:4154 https://access.redhat.com/errata/RHSA-2021:4154
RHSA-2022:7954 https://access.redhat.com/errata/RHSA-2022:7954
RHSA-2022:7955 https://access.redhat.com/errata/RHSA-2022:7955
RHSA-2022:8008 https://access.redhat.com/errata/RHSA-2022:8008
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20291.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/containers/storage
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/containers/storage/pull/860
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20291
Exploitability (E): not_defined; Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20291
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20291
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2021-0100
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://unit42.paloaltonetworks.com/cve-2021-20291
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.26597
EPSS Score 0.00111
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.