Openeuler: Security Vulnerabilities
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-10-29
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-29
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-10-29
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-10-29
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
CVSS Score
8.4
EPSS Score
0.0
Published
2023-10-29
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-01-20
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).
CVSS Score
7.8
EPSS Score
0.0
Published
2023-01-20
isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-07-26