Lucene search

K

GoogleOSV:GO-2022-1147

HistoryAug 21, 2024 - 4:03 p.m.

containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

2024-08-2116:03:26

Google

osv.dev

2

containerd security vulnerability

cri stream server

host memory exhaustion

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

References

github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295

github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0

github.com/containerd/containerd/releases/tag/v1.5.16

github.com/containerd/containerd/releases/tag/v1.6.12

github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9

nvd.nist.gov/vuln/detail/CVE-2022-23471

security.gentoo.org/glsa/202401-31

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

Related for OSV:GO-2022-1147

debiancve1 veracode1 redos1 openvas14 nvd1 nessus30 cgr1 alpinelinux1 osv5 cbl_mariner2 prion1 ubuntucve1 ibm15 cve1 github1 cvelist1 wolfi1 fedora3 mageia1 ubuntu1 photon12 gentoo1 ics1