CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-27174
https://notcve.org/view.php?id=CVE-2020-27174
16 Oct 2020 — In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. En Amazon AWS Firecracker versiones anteriores a 0.21.3 y versiones 0.22.x anteriores a 0.22.1, el búfer de la consola serial puede aumentar su uso de memoria sin límite cuando los datos son enviados a la entrada e... • http://www.openwall.com/lists/oss-security/2020/10/23/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-16843
https://notcve.org/view.php?id=CVE-2020-16843
04 Aug 2020 — In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered. En Firecracker versiones 0.20.x anteriores a 0.20.1 y versiones 0.21.x anteriores a 0.21.2, la pila de red puede congelarse bajo tráfico de entrada pesado. Esto puede resultar en una deneg... • http://www.openwall.com/lists/oss-security/2020/08/13/1 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2019-18960
https://notcve.org/view.php?id=CVE-2019-18960
11 Dec 2019 — Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes. Una implementación desbordamiento de búfer de Firecracker vsock versiones 0.18.0 y 0.19.0. Esto puede resultar en bloqueos potencialmente explotables. • http://www.openwall.com/lists/oss-security/2019/12/10/1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •