containerd up to 1.3.9/1.4.3 Environment Variable exposure of resource
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in containerd up to 1.3.9/1.4.3. The impacted element is an unknown function of the component Environment Variable Handler. Performing a manipulation results in exposure of resource. This vulnerability was named CVE-2021-21334. There is no available exploit. It is advisable to upgrade the affected component.
Details
A vulnerability was found in containerd up to 1.3.9/1.4.3 (Virtualization Software). It has been classified as critical. This affects an unknown functionality of the component Environment Variable Handler. The manipulation with an unknown input leads to a exposure of resource vulnerability. CWE is classifying the issue as CWE-668. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was presented 03/11/2021. It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2021-21334. The technical details are unknown and an exploit is not publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 266278 (NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2025-0234)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 1.3.10 or 1.4.4 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at Tenable (266278). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Name
Version
License
Website
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Exposure of resourceCWE: CWE-668 / CWE-200 / CWE-284
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 266278
Nessus Name: NewStart CGSL MAIN 6.06 : neod Multiple Vulnerabilities (NS-SA-2025-0234)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: containerd 1.3.10/1.4.4
Patch: github.com
Timeline
12/22/2020 🔍03/11/2021 🔍
03/11/2021 🔍
10/01/2025 🔍
Sources
Product: github.comAdvisory: github.com
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2021-21334 (🔍)
GCVE (CVE): GCVE-0-2021-21334
GCVE (VulDB): GCVE-100-171123
Entry
Created: 03/11/2021 12:14Updated: 10/01/2025 02:39
Changes: 03/11/2021 12:14 (40), 03/31/2021 14:16 (6), 03/31/2021 14:19 (8), 10/01/2025 02:39 (16)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.