7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
35.5%
The Containerd container execution environment vulnerability is related to a flaw whereby additional
groups are not properly configured within the container, when an attacker has direct access to the container
and manipulates its optional group access, it can use optional group
access to bypass the restrictions of the primary group. Exploitation of the vulnerability could allow an intruder to
gain access to sensitive information or be able to execute code in that container.
The Containerd container execution environment vulnerability is related to the lack of a limit on the number of
bytes read for specific files when importing OCI images. Exploitation of the vulnerability could
allow an attacker to cause a denial of service.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | containerd | <=ย 1.5.18-1 | UNKNOWN |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
35.5%