CVE-2021-33636

Published: Oct 29, 2023Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

When the isula load command is used to load malicious images, attackers can execute arbitrary code.

Affected (3)

Products: Openeuler: Isula

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openeuler Isula	Version 2.0.18-10
Openeuler Isula	Version 2.0.8-20210518.144540
Openeuler Isula	Version 2.1.2

Related CWEs

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://gitee.com/src-openeuler/iSulad/pulls/600/files

Source: securities@openeuler.org

Patch

https://gitee.com/src-openeuler/iSulad/pulls/627/files

Source: securities@openeuler.org

Patch

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686

Source: securities@openeuler.org

Vendor Advisory

https://gitee.com/src-openeuler/iSulad/pulls/600/files

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://gitee.com/src-openeuler/iSulad/pulls/627/files

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.