CVE-2021-32699: 
NixOS vulnerability analysis and mitigation

Wings, the control plane software for Pterodactyl, versions prior to 1.4.4 were found to be vulnerable to system resource exhaustion due to improper container process limits (CVE-2021-32699). The vulnerability was discovered and disclosed on June 21, 2021. This security issue affects all versions of Pterodactyl Wings before version 1.4.3, impacting Docker containers created by the software (GitHub Advisory).

The vulnerability stems from improper container process limits being defined in the Docker container configuration. Without proper PID limits, containers could spawn an unlimited number of processes. The issue has a CVSS v3.1 base score of 6.5 (Moderate) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H. The vulnerability is classified under CWE-400 and CWE-405, relating to uncontrolled resource consumption (GitHub Advisory).

A malicious user could exploit this vulnerability to consume more system resources than intended, potentially causing downstream impacts to other clients on the same hardware. In severe cases, this could lead to the physical server becoming unresponsive, effectively creating a denial of service condition (GitHub Advisory).

The primary mitigation is to upgrade to Wings version 1.4.4 which includes the security fix. For users running customized versions of the software who cannot upgrade immediately, they can manually set a PID limit for containers created. The fix involves enforcing process limits at a per-container level to prevent abusive clients from impacting other instances (GitHub Advisory).