A non-privileged user on the host can exploit this vulnerability to run sudo commands with root privileges. A user must have sudo privileges on the host to run arbitrary commands as root.
This issue was fixed in Packer 2.3.1.
Issue was discovered in Vagrant before 1.4.4. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.
A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.4.5.
Issue was discovered in Vagrant before 1.0.0. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.
A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.0.0.
Issue was discovered in Vagrant before 1.0.0. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.
A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.0.0.
Issue was discovered in Hashicorp Packer
CVE-2021-4391
A user must have sudo privileges on the host to exploit this vulnerability.
This issue was fixed in Packer 2.3.0
Vulnerability Summary
A user must have write access to the machine to leverage this issue. This issue was fixed in Hashicorp Packer 2.3.1.
Issue was discovered in Vagrant before 1.4.4. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.
A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.4.5 and is not present in older versions of Vagrant (1-1)
Timeline
Published on: 10/11/2022 23:15:00 UTC
Last modified on: 10/18/2022 18:00:00 UTC