Lucene search

Cloud FoundryCFOUNDRY:2D5D9086B18C211E6FA83CDBD2D6C726

HistoryJan 20, 2022 - 12:00 a.m.

USN-5150-1: OpenEXR vulnerability | Cloud Foundry

2022-01-2000:00:00

Cloud Foundry

www.cloudfoundry.org

openexr

canonical ubuntu

cloud foundry

vulnerability

cve-2021-3941

cflinuxfs3

cf deployment

mitigation

usn-5150-1

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

Percentile

14.2%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 18.04

Description

OpenEXR could be made to crash if it opened a specially crafted file.

CVEs contained in this USN include: CVE-2021-3941.

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

cflinuxfs3
- All versions prior to 0.267.0
CF Deployment
- All versions prior to 17.1.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

cflinuxfs3
- Upgrade all versions to 0.267.0 or greater
CF Deployment
- Upgrade all versions to 17.1.0 or greater

References

History

2022-01-20: Initial vulnerability report published.

Affected configurations

Vulners

Node

cloudfoundrycflinuxfs3Range<0.267.0

cloudfoundrycf-deploymentRange<17.1.0

VendorProductVersionCPE
cloudfoundrycflinuxfs3*cpe:2.3:a:cloudfoundry:cflinuxfs3:*:*:*:*:*:*:*:*
cloudfoundrycf-deployment*cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudfoundry	cflinuxfs3	*	cpe:2.3:a:cloudfoundry:cflinuxfs3::::::::
cloudfoundry	cf-deployment	*	cpe:2.3:a:cloudfoundry:cf-deployment::::::::