6 matches found
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1897)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1897 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2024-697)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-697 advisory. 2024-08-28: CVE-2024-24790 was added to this advisory. 2024-08-09: CVE-2023-47108 was removed from this advisory. 2024-08-09: The severity of this advisory has been changed from Important to...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2024-499)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-499 advisory. 2024-08-09: CVE-2023-47108 was removed from this advisory. 2024-08-09: The severity of this advisory has been changed from Important to Medium.2024-04-10: CVE-2023-39326 was added to this advisory...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-395)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-395 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-312)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-312 advisory. On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-156)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-156 advisory. containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched...