CVE-2020-27174

{"id": "CVE-2020-27174", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-10-16T05:15:11.830", "references": [{"url": "http://www.openwall.com/lists/oss-security/2020/10/23/1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/firecracker-microvm/firecracker/issues/2177", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/firecracker-microvm/firecracker/pull/2178", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/firecracker-microvm/firecracker/pull/2179", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host."}, {"lang": "es", "value": "En Amazon AWS Firecracker versiones anteriores a 0.21.3 y versiones 0.22.x anteriores a 0.22.1, el b\u00fafer de la consola serial puede aumentar su uso de memoria sin l\u00edmite cuando los datos son enviados a la entrada est\u00e1ndar. Esto puede resultar en una p\u00e9rdida de memoria en el subproceso (hilo) de emulaci\u00f3n microVM, posiblemente ocupando m\u00e1s memoria de la prevista en el host"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2097E568-0639-495D-A157-BE1E429CF09C", "versionEndExcluding": "0.21.3"}, {"criteria": "cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8839BF50-88C4-4FD3-95D7-B5B74C5104DA", "versionEndExcluding": "0.22.1", "versionStartIncluding": "0.22.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}