Bug 785895 (CVE-2021-20291) - [Tracker] Deadlock vulnerability through embedded app-emulation/containers-storage (CVE-2021-20291)
Alias: CVE-2021-20291
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Keywords: Tracker
Depends on: 785916 785898 785901 785904 785910
Reported: 2021-04-26 21:20 UTC by GLSAMaker/CVETool Bot
Modified: 2021-07-29 18:11 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2021-04-26 21:20:49 UTC
CVE-2021-20291 (
  A deadlock vulnerability was found in '' in
  versions before 1.28.1. When a container image is processed, each layer is
  unpacked using `tar`. If one of those layers is not a valid `tar` archive
  this causes an error leading to an unexpected situation where the code
  indefinitely waits for the tar unpacked stream, which never finishes. An
  attacker could use this vulnerability to craft a malicious image, which when
  downloaded and stored by an application using containers/storage, would then
  cause a deadlock leading to a Denial of Service (DoS).
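The failure mode in the description above, as an added Go example (a simplified model written for this page, not code from containers/storage): a producer streams a layer through a pipe into a tar reader, and when the reader gives up on an invalid archive without closing its end, the producer never finishes. The names `applyLayer`, `closeOnError` and `ErrHung` are hypothetical, and the timeout only stands in for the indefinite wait so the program terminates.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"time"
)

var ErrHung = errors.New("layer stream never finished")

// applyLayer (hypothetical helper) streams a layer through a pipe into a tar
// reader. With closeOnError=false a bad archive leaves the producer blocked.
func applyLayer(layer []byte, closeOnError bool, wait time.Duration) error {
	pr, pw := io.Pipe()
	done := make(chan struct{})
	go func() { // producer: Write blocks until all bytes are read or pr closes
		_, err := pw.Write(layer)
		pw.CloseWithError(err)
		close(done)
	}()
	tr := tar.NewReader(pr)
	var err error
	for err == nil {
		_, err = tr.Next() // skips entry contents; io.EOF is a clean end
	}
	if err == io.EOF { // valid archive: consume any trailing bytes
		_, err = io.Copy(io.Discard, pr)
	} else if closeOnError {
		pr.CloseWithError(err) // hardened path: hand the error to the producer
	}
	select {
	case <-done: // the stream finished, with or without an error
		return err
	case <-time.After(wait): // stands in for the indefinite wait
		return ErrHung
	}
}

func main() {
	bad := bytes.Repeat([]byte("A"), 4096) // constructed: not a tar archive
	fmt.Println("reader left open:", applyLayer(bad, false, 200*time.Millisecond))
	fmt.Println("reader closed:   ", applyLayer(bad, true, time.Second))
}
```

Closing the read side with the unpack error is what lets the blocked writer return, so the caller sees a normal error instead of waiting on a stream that cannot complete.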
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:22:44 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:31:01 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:38:58 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:47:08 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 18:03:05 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:11:23 UTC
Package list is empty or all packages have requested keywords.