PT-2024-39171 · Cri-O · Cri-O

Name of the Vulnerable Software and Affected Versions: CRI-O versions prior to 1.29.11 CRI-O versions 1.30.0 through 1.30.8 CRI-O versions 1.31.0 through 1.31.3 Description: A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be aske...

AZL-50609 CVE-2024-9676 affecting package cri-o for versions less than 1.22.3-14

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace...

AZL-50103 CVE-2024-9341 affecting package cri-o for versions less than 1.22.3-9

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...

PT-2022-19901 · Podman +11 · Podman +11

Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 20.10.18 CRI-O versions prior to 20.10.18 Docker versions prior to 20.10.18 Moby Docker Engine versions prior to 20.10.18 Podman versions prior to 20.10.18 Description: The issue arises from an incorrect handling of...