Storage Project

storage_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Storage

storage

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-20291 3Fedoraproject RedhatStorage Project 4Enterprise Linux FedoraOpenshift Container Platform+1 more Nov 21, 2024 Apr 1, 2021 N/A· v4 6.5 MEDIUM· v3 7.1 HIGH· v2 A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archiv...Show more A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-20291

3Fedoraproject

RedhatStorage Project

4Enterprise Linux

FedoraOpenshift Container Platform+1 more

Nov 21, 2024

Apr 1, 2021

N/A· v4

6.5 MEDIUM· v3

7.1 HIGH· v2

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).Show less