Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1386 | 1 Amazon | 1 Firecracker | 2026-01-26 | 6 Medium |
| A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above. | ||||
| CVE-2020-27174 | 1 Amazon | 1 Firecracker | 2024-11-21 | 7.5 High |
| In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. | ||||
| CVE-2020-16843 | 1 Amazon | 1 Firecracker | 2024-11-21 | 5.9 Medium |
| In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. | ||||
| CVE-2019-18960 | 1 Amazon | 1 Firecracker | 2024-11-21 | 9.8 Critical |
| Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. | ||||
Page 1 of 1.