CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.0004 Low
Percentile: 5.7%

github.com/containerd/containerd is vulnerable to denial of service. The ExecSync function in container_execsync.go does not validate or bound its memory consumption, which allows an attacker to crash the application via memory exhaustion.
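
The general mitigation pattern for this class of bug, as an added example that is not containerd's code and is not taken from the fix commits listed below: cap how many bytes an exec-and-buffer call may hold in memory and fail once the cap is reached. It assumes the memory growth comes from buffering a command's output, which this page does not spell out; `cappedWriter`, `collectOutput`, `errOutputTooLarge` and the limits are hypothetical names and values.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// errOutputTooLarge is a hypothetical sentinel error for this example.
var errOutputTooLarge = errors.New("exec output exceeds limit")

// cappedWriter (hypothetical name) forwards at most `remain` bytes to w and
// then fails, so a chatty process cannot grow the caller's buffer forever.
type cappedWriter struct {
	w      io.Writer
	remain int
}

func (c *cappedWriter) Write(p []byte) (int, error) {
	if len(p) <= c.remain {
		n, err := c.w.Write(p)
		c.remain -= n
		return n, err
	}
	// Keep the part that still fits, then report the overflow.
	n, err := c.w.Write(p[:c.remain])
	c.remain -= n
	if err != nil {
		return n, err
	}
	return n, errOutputTooLarge
}

// collectOutput stands in for an exec-and-buffer call (assumed mechanism): it
// copies a command's output stream into memory, never holding more than limit bytes.
func collectOutput(stream io.Reader, limit int) ([]byte, error) {
	var buf bytes.Buffer
	_, err := io.Copy(&cappedWriter{w: &buf, remain: limit}, stream)
	return buf.Bytes(), err
}

func main() {
	// Constructed input: 1 MiB of output against a 64 KiB limit.
	out, err := collectOutput(strings.NewReader(strings.Repeat("A", 1<<20)), 64<<10)
	fmt.Println(len(out), err)
}
```

Returning an error at the cap, rather than silently truncating, lets the caller stop the command and report the failure instead of continuing to read.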
www.openwall.com/lists/oss-security/2022/06/07/1
github.com/advisories/GHSA-5ffw-gxpp-mxpf
github.com/containerd/containerd/commit/10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
github.com/containerd/containerd/commit/a17ec496a95e55601607ca50828147e8ccaeebf1
github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382
github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
lists.fedoraproject.org/archives/list/[email protected]/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/
lists.fedoraproject.org/archives/list/[email protected]/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/
www.debian.org/security/2022/dsa-5162