Containerd Security Vulnerabilities and Issues — Containerd CVE List

Lucene search

ContainerdContainerd

14 matches found

CVE•added 2022/06/09 2:15 p.m.•782 views

CVE-2022-31030

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memory o...

5.5CVSS5.9AI score0.00109EPSS

CVE•added 2023/02/16 3:15 p.m.•611 views

CVE-2023-25173

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able...

7.8CVSS7AI score0.00021EPSS

CVE•added 2020/12/01 3:15 a.m.•515 views

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting pr...

5.2CVSS5.4AI score0.11825EPSS

In wild

CVE•added 2021/07/19 9:15 p.m.•487 views

CVE-2021-32760

containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to ...

6.8CVSS6AI score0.00141EPSS

CVE•added 2022/03/03 2:15 p.m.•482 views

CVE-2022-23648

containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read...

7.5CVSS7.8AI score0.0617EPSS

CVE•added 2023/02/16 3:15 p.m.•478 views

CVE-2023-25153

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has...

6.2CVSS6.5AI score0.00115EPSS

CVE•added 2022/12/07 11:15 p.m.•462 views

CVE-2022-23471

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for...

6.5CVSS6.8AI score0.00198EPSS

CVE•added 2021/10/04 5:15 p.m.•460 views

CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory con...

7.8CVSS6.8AI score0.00085EPSS

CVE•added 2021/03/10 10:15 p.m.•444 views

CVE-2021-21334

In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect e...

6.3CVSS6.5AI score0.00209EPSS

CVE•added 2020/10/16 5:15 p.m.•254 views

CVE-2020-15157

In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign...

6.1CVSS6.8AI score0.00591EPSS

CVE•added 2025/03/17 10:15 p.m.•224 views

CVE-2024-40635

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root ...

4.6CVSS4.9AI score0.00014EPSS

Web

CVE•added 2022/01/05 7:15 p.m.•182 views

CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, a...

9.1CVSS8.4AI score0.00155EPSS

CVE•added 2025/05/20 7:15 p.m.•159 views

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0....

9.4CVSS6.4AI score0.00015EPSS

CVE•added 2025/05/21 6:15 p.m.•149 views

CVE-2025-47291

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honor...

6.9CVSS6.4AI score0.00021EPSS