Base Score

LOW3.4

CVE-2024-0133

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

VectorNETWORK

Published Bypsirt@nvidia.com

Published DateSep 26, 2024, 06:15

Affected Versions(1)

github.com/NVIDIA/nvidia-container-toolkit(Go)

Introduced0

Fixed1.16.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/NVIDIA/nvidia-container-toolkit(Go)	0	1.16.2	N/A

Weakness Type (CWE):CWE-367

CVSS Metrics

Base Score

3.4

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5582

Base Score

LOW3.4

Weakness Type (CWE):CWE-367

CVSS Metrics

Base Score

3.4

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE