The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, relates to the distribution of resources without any restrictions or controls. This allows a malicious actor to trigger service failures.

The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to an experimental exploit that allows containers to become unlimited in size. Exploiting this vulnerability could enable a...

CVE-2020-13949

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...