6 matches found
GO-2025-3767 OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal in github.com/google/osv-scalibr
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal in github.com/google/osv-scalibr...
Time-of-check Time-of-use (TOCTOU) Race Condition
github.com/containerd/containerd is a Time-of-check Time-of-use (TOCTOU) Race Condition. The vulnerability is due to insufficient validation of image contents between the time of verification and the time of use during image unpacking, allowing malicious images to modify the host file system...
CVE-2025-47290 Containerd vulnerable to host filesystem access during image unpack
containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...
CVE-2025-47290
CVE-2025-47290 affects containerd v2.1.0, where a TOCTOU flaw during image unpack could allow an attacker to arbitrarily modify the host filesystem. The issue is limited to 2.1.0; 2.1.1 fixes it. Affected guidance: upgrade to containerd 2.1.1+; as a workaround, use only trusted images and restric...
containerd security vulnerability
containerd is an industry-standard container runtime from the open-source containerd project. A security vulnerability exists in containerd version 2.1.0, which stems from a TOCTOU issue in the image unpacking process that could lead to arbitrary modifications to the host filesystem...
docker: Escalation of privileges during decompression of LZMA archives
A flaw was found in the way the Docker service unpacked images or builds after a "docker pull". An attacker could use this flaw to provide a malicious image or build that, when unpacked, would escalate their privileges on the system...