Vulnerabilities (CVE)

Filtered by vendor Amazon Subscribe
Filtered by product Firecracker
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27174 1 Amazon 1 Firecracker 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
CVE-2020-16843 1 Amazon 1 Firecracker 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered.
CVE-2019-18960 1 Amazon 1 Firecracker 2024-11-21 7.5 HIGH 9.8 CRITICAL
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.