Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
CRI-O 资源管理错误漏洞
Vulnerability Description
CRI-O是一款用于Kubernetes系统的轻量级容器运行时环境。 CRI-O存在资源管理错误漏洞,该漏洞源于CRI-O读取输出缺少大小限制。攻击者可以制造较大的输出来利用该漏洞影响系统的可用性。
CVSS Information
N/A
Vulnerability Type
N/A