github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the CRI stream server
of httpstream.go
due to exhausted memory on the host, which allows an attacker to cause an application crash via issuing a faulty command.
Vendor | Product | Version | CPE |
---|---|---|---|
linuxfoundation | containerd | v1.7.0-beta.0 | cpe:2.3:a:linuxfoundation:containerd:v1.7.0-beta.0:*:*:*:*:*:*:* |
- | containerd\ | sid | cpe:2.3:a:-:containerd\:sid:1.4.1~ds1-2:*:*:*:*:*:*:* |
- | containerd\ | 3.17 | cpe:2.3:a:-:containerd\:3.17:1.6.9-r1:*:*:*:*:*:*:* |
- | containerd\ | 3.17 | cpe:2.3:a:-:containerd\:3.17:1.6.9-r0:*:*:*:*:*:*:* |
- | containerd\ | 3.17 | cpe:2.3:a:-:containerd\:3.17:1.6.10-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.4-r1:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.0-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.9-r1:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.8-r1:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.5.9-r0:*:*:*:*:*:*:* |
github.com/advisories/GHSA-2qjp-425j-52j9
github.com/containerd/containerd/commit/2e3140a0e09d288a9086474752b4478aa0964e7c
github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
github.com/containerd/containerd/releases/tag/v1.5.16
github.com/containerd/containerd/releases/tag/v1.6.12
github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9