17 matches found
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-098 (ALASNITRO-ENCLAVES-2026-098)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-098 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the G...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-112 (ALASDOCKER-2026-112)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-112 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compil...
EulerOS 2.0 SP10 : containerd (EulerOS-SA-2026-1329)
According to the versions of the containerd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1374)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1374 advisory. net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726); archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728); crypto/tls: handshake messages may be processe...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : containerd vulnerabilities (USN-7983-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7983-1 advisory. David Leadbeater discovered that containerd incorrectly set certain directory path permissions. A...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1333)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1333 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-093 (ALASDOCKER-2025-093)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-093 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1304)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1304 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad...
EulerOS 2.0 SP12 : containerd (EulerOS-SA-2025-1579)
According to the versions of the containerd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers...
Amazon Linux 2 : containerd (ALASECS-2025-060)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-060 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read ...
Amazon Linux 2 : containerd (ALASDOCKER-2025-061)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-061 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Re...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-058)
The version of containerd installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-058 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...
USN-6202-1 containerd vulnerabilities
David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. (CVE-2023-25153) It was discovered that containerd incorrectly set up...
Medium: containerd
Issue Overview: containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to...
Security Bulletin: IBM Cloud Kubernetes Service is affected by two containerd security vulnerabilities (CVE-2023-25153 and CVE-2023-25173)
Summary: IBM Cloud Kubernetes Service is affected by two security vulnerabilities found in containerd where 1) a maliciously crafted image with a large file could cause a denial of service when importing an OCI image (CVE-2023-25153) and 2) supplementary groups are not set up properly inside a contain...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1886)
The remote host is missing an update for the Huawei EulerOS...
Insecure Access Control
github.com/containerd/containerd uses insecure access controls. Pulling a malicious image can cause Unix file permission changes for existing files in the host's file system. This can result in restriction of access to files which should otherwise be accessible...