Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAmazon Firecracker
APPAmazon0.18.00.19.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje
Powiązane podatności
CVE-2026-5747HIGH8.7ten sam produkt
An out-of-bounds write issue in the virtio PCI transport in Firecracker 1.13.0 through 1.14.3 and 1.15.0 on x8...
CVE-2020-27174HIGH7.5ten sam produkt
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memo...
CVE-2026-1386MEDIUM6.0ten sam produkt
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1...
CVE-2020-16843MEDIUM5.9ten sam produkt
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress...
CVE-2026-35560CRITICAL9.1PL ✓ten sam vendor
Nieprawidłowa walidacja certyfikatów w Amazon Athena ODBC Driver — atak MITM