6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
18.9%
github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the CRI stream server
of httpstream.go
due to exhausted memory on the host, which allows an attacker to cause an application crash via issuing a faulty command.
github.com/advisories/GHSA-2qjp-425j-52j9
github.com/containerd/containerd/commit/2e3140a0e09d288a9086474752b4478aa0964e7c
github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0
github.com/containerd/containerd/releases/tag/v1.5.16
github.com/containerd/containerd/releases/tag/v1.6.12
github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
18.9%