CVE-2022-42717

An issue was found in HashiCorp Packer before 2.3.1 in the recommended sudoers configuration for Vagrant on Linux.

A non-privileged user on the host can exploit this vulnerability to run sudo commands with root privileges. A user must have sudo privileges on the host to run arbitrary commands as root.

This issue was fixed in Packer 2.3.1.

Issue was discovered in Vagrant before 1.4.4. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.

A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.4.5.

Issue was discovered in Vagrant before 1.0.0. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.

A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.0.0.

Issue was discovered in Hashicorp Packer

CVE-2021-4391

A user must have sudo privileges on the host to exploit this vulnerability.

This issue was fixed in Packer 2.3.0.

Vulnerability Summary

A user must have write access to the machine to leverage this issue. This issue was fixed in Hashicorp Packer 2.3.1.

Issue was discovered in Vagrant before 1.4.4. A crafted Vagrantfile can trigger a Denial of Service attack. Due to an unchecked reference counted variable, a crafted Vagrantfile could cause the entire machine to crash.

A user must have write access to the machine to leverage this issue. This issue was fixed in Vagrant 1.4.5 and is not present in older versions of Vagrant (1-1)

Timeline

Published on: 10/11/2022 23:15:00 UTC
Last modified on: 10/18/2022 18:00:00 UTC

References