12 matches found
CVE-2022-31030
CVE-2022-31030 affects containerd’s CRI ExecSync path, where containerized processes can cause unbounded memory growth in the containerd daemon, risking host memory exhaustion and denial of service. The connected documents confirm the root cause is within containerd’s CRI implementation and state f...
CVE-2023-25173
CVE-2023-25173 affects containerd. A bug allowed improper setup of supplementary groups inside a container, enabling bypass of primary group restrictions and potential access to sensitive data or code execution when an attacker has container access. The issue is fixed in containerd 1.6.18 and 1.5...
CVE-2020-15257
The CVE describes a privilege-escalation issue in containerd where access controls on the shim API socket allowed a container in the same network namespace to run new processes with elevated privileges. Affected releases are containerd before 1.3.9 and before 1.4.3; the vulnerability stems from e...
CVE-2021-32760
CVE-2021-32760 affects containerd prior to 1.4.8 and 1.5.4. A crafted container image could cause Unix file permission changes on host files when pulling/extracting, potentially denying access, widening permissions, or setting bits like setuid/setgid/sticky. The flaw does not directly unlock read...
CVE-2022-23648
CVE-2022-23648 affects containerd’s CRI implementation on Linux where specially-crafted image configurations could allow reading read-only copies of arbitrary host files and directories, potentially bypassing policy enforcement. The issue was fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users s...
CVE-2023-25153
Summary: CVE-2023-25153 affects containerd and, when importing OCI images, could allow a denial of service because the number of bytes read for certain files was not limited. The issue exists in versions prior to 1.6.18 and 1.5.18. Root cause: missing input size limit during image import leads to potential Do...
CVE-2021-41103
CVE-2021-41103 affects containerd and stems from insufficiently restricted permissions on container root directories and some plugins, enabling unprivileged host users to traverse directories, read/modify files, and potentially execute programs (including those with extended permission bits). The...
CVE-2022-23471
CVE-2022-23471 affects containerd’s CRI implementation where a terminal resize handling goroutine in the CRI stream server can leak memory if a child fails to launch. Affected component: containerd (CRI stream server). Root cause: goroutine waiting to send on a channel with no receiver, enabling...
CVE-2021-21334
CVE-2021-21334 affects containerd’s CRI plugin: when multiple containers/pods are launched from the same image, containers may receive incorrect environment variables shared across them, potentially exposing sensitive data. The issue is fixed in containerd versions 1.3.10 and 1.4.4; affected envi...
CVE-2024-40635
CVE-2024-40635 affects containerd. When a container is launched with a UID:GID that exceeds the 32-bit signed integer maximum, the value overflows, causing the container to run as root (UID 0). Fixed in containerd releases: 1.6.38, 1.7.27, and 2.0.4. Workarounds include using only trusted images and restr...
CVE-2024-25621
CVE-2024-25621 affects containerd: versions 0.1.0–1.7.28, 2.0.0-beta.0–2.0.6, 2.1.0-beta.0–2.1.4, and 2.2.0-beta.0–2.2.0-rc.1 create directories with overly broad permissions (e.g., /var/lib/containerd, /run/containerd/io.containerd.grpc.v1.cri, /run/containerd/io.containerd.sandbox.controller.v1...
CVE-2025-64329
CVE-2025-64329 affects containerd across multiple streams. The CVE stems from a bug in the CRI Attach implementation that can exhaust host memory due to goroutine leaks in vulnerable releases (versions: 1.7.28 and earlier; 2.0.0-beta.0–2.0.6; 2.1.0-beta.0–2.1.4; 2.2.0-beta.0–2.2.0-rc.1). Affected...