CVE-2021-32699 — Uncontrolled Resource Consumption in Pterodactyl Wings

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation of Resources Without Limits or Throttling CWE-405 — Asymmetric Resource Consumption (Amplification)4 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 83.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Pterodactyl Wings Pterodactyl Wings

Timeline

PublishedJun 22

Latest updateAug 21

Description

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

▶NVDpterodactyl/wings< 1.4.4

▶Gogithub.com/pterodactyl_wings< 1.4.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings in github.com/pterodactyl/wings↗2024-08-21

▶

OSV

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings↗2021-06-23

▶

GHSA

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings↗2021-06-23

▶