nvd-json-data-feeds/CVE-2021/CVE-2021-232xx/CVE-2021-23218.json

{
  "id": "CVE-2021-23218",
  "sourceIdentifier": "psirt@mirantis.com",
  "published": "2022-01-10T16:15:08.500",
  "lastModified": "2024-11-21T05:51:23.623",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service."
    },
    {
      "lang": "es",
      "value": "Cuando es ejecutado con el modo FIPS habilitado, Mirantis Container Runtime versi\u00f3n 20.10.8 presenta un p\u00e9rdida de memoria durante los Handshakes TLS que podr\u00eda ser abusada para causar una denegaci\u00f3n de servicio"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@mirantis.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "baseScore": 4.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@mirantis.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mirantis:mirantis_container_runtime:20.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C42176-87FD-40D6-A58A-40DE97AF7963"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md",
      "source": "psirt@mirantis.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/Mirantis/security/blob/main/advisories/0002.md",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}