Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:39350
HistoryFeb 19, 2023 - 8:35 p.m.

Denial Of Service (DoS)

2023-02-1920:35:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
containerd
vulnerability
onuntarjson
dos
attack
oci image

EPSS

0.001

Percentile

30.2%

github.com/containerd/containerd is vulnerable to Denial of Service (DoS). The vulnerability exists because the onUntarJSON function in importer.go does not properly limit the number of bytes read for specific files when importing an OCI image, allowing an attacker to cause an application crash through the maliciously crafted image.

Affected configurations

Vulners
Node
-containerd\Matchedge1.6.3-r0
OR
-containerd\Matchedge1.5.9-r1
OR
-containerd\Matchedge1.5.7-r0
OR
-containerd\Matchedge1.5.9-r0
OR
-containerd\Matchedge1.5.8-r0
OR
-containerd\Matchedge1.6.6-r0
OR
-containerd\Matchedge1.6.8-r1
OR
-containerd\Matchedge1.6.0-r0
OR
-containerd\Matchedge1.5.5-r2
OR
-containerd\Matchedge1.4.3-r0
OR
-containerd\Matchedge1.6.6-r1
OR
-containerd\Matchedge1.6.8-r2
OR
-containerd\Matchedge1.6.9-r0
OR
-containerd\Matchedge1.6.10-r0
OR
-containerd\Matchedge1.4.4-r0
OR
-containerd\Matchedge1.6.1-r0
OR
-containerd\Matchedge1.3.3-r0
OR
-containerd\Matchedge1.6.16-r0
OR
-containerd\Matchedge1.6.1-r1
OR
-containerd\Matchedge1.6.9-r1
OR
-containerd\Matchedge1.6.4-r1
OR
-containerd\Matchedge1.5.1-r1
OR
-containerd\Matchedge1.6.10-r1
OR
-containerd\Matchedge1.3.4-r0
OR
-containerd\Matchedge1.6.6-r2
OR
-containerd\Matchedge1.6.14-r0
OR
-containerd\Matchedge1.6.15-r0
OR
-containerd\Matchedge1.5.0-r0
OR
-containerd\Matchedge1.6.4-r2
OR
-containerd\Matchedge1.6.4-r0
OR
-containerd\Matchedge1.5.1-r0
OR
-containerd\Matchedge1.6.16-r1
OR
-containerd\Matchedge1.6.12-r0
OR
-containerd\Matchedge1.6.2-r0
OR
-containerd\Matchedge1.6.8-r0
OR
-containerd\Matchedge1.5.5-r0
OR
-containerd\Matchedge1.3.4-r1
OR
-containerd\Matchedge1.5.4-r0
OR
-containerd\Matchedge1.5.5-r1
OR
-containerd\Match3.171.6.9-r0
OR
-containerd\Match3.171.6.12-r1
OR
-containerd\Match3.171.6.9-r1
OR
-containerd\Match3.171.6.10-r0
OR
-containerd\Matchsid1.4.1~ds1-2
OR
-containerd\Matchbullseye1.4.5~ds1-2
OR
-containerd\Matchbullseye1.4.1~ds1-2
OR
-containerd\Matchedge1.6.3-r0
OR
-containerd\Matchedge1.5.9-r1
OR
-containerd\Matchedge1.5.7-r0
OR
-containerd\Matchedge1.5.9-r0
OR
-containerd\Matchedge1.5.8-r0
OR
-containerd\Matchedge1.6.6-r0
OR
-containerd\Matchedge1.6.8-r1
OR
-containerd\Matchedge1.6.0-r0
OR
-containerd\Matchedge1.5.5-r2
OR
-containerd\Matchedge1.4.3-r0
OR
-containerd\Matchedge1.6.6-r1
OR
-containerd\Matchedge1.6.8-r2
OR
-containerd\Matchedge1.6.9-r0
OR
-containerd\Matchedge1.6.10-r0
OR
-containerd\Matchedge1.4.4-r0
OR
-containerd\Matchedge1.6.1-r0
OR
-containerd\Matchedge1.3.3-r0
OR
-containerd\Matchedge1.6.16-r0
OR
-containerd\Matchedge1.6.1-r1
OR
-containerd\Matchedge1.6.9-r1
OR
-containerd\Matchedge1.6.4-r1
OR
-containerd\Matchedge1.5.1-r1
OR
-containerd\Matchedge1.6.10-r1
OR
-containerd\Matchedge1.3.4-r0
OR
-containerd\Matchedge1.6.6-r2
OR
-containerd\Matchedge1.6.14-r0
OR
-containerd\Matchedge1.6.15-r0
OR
-containerd\Matchedge1.5.0-r0
OR
-containerd\Matchedge1.6.4-r2
OR
-containerd\Matchedge1.6.4-r0
OR
-containerd\Matchedge1.5.1-r0
OR
-containerd\Matchedge1.6.16-r1
OR
-containerd\Matchedge1.6.12-r0
OR
-containerd\Matchedge1.6.2-r0
OR
-containerd\Matchedge1.6.8-r0
OR
-containerd\Matchedge1.5.5-r0
OR
-containerd\Matchedge1.3.4-r1
OR
-containerd\Matchedge1.5.4-r0
OR
-containerd\Matchedge1.5.5-r1
OR
-containerd\Match3.171.6.9-r0
OR
-containerd\Match3.171.6.12-r1
OR
-containerd\Match3.171.6.9-r1
OR
-containerd\Match3.171.6.10-r0
OR
-containerd\Matchsid1.4.1~ds1-2
OR
-containerd\Matchbullseye1.4.5~ds1-2
OR
-containerd\Matchbullseye1.4.1~ds1-2
OR
linuxfoundationcontainerdRangev1.7.0-beta.3
VendorProductVersionCPE
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.6.3-r0:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.5.9-r1:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.5.7-r0:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.5.9-r0:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.5.8-r0:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.6.6-r0:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.6.8-r1:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.6.0-r0:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.5.5-r2:*:*:*:*:*:*:*
-containerd\edgecpe:2.3:a:-:containerd\:edge:1.4.3-r0:*:*:*:*:*:*:*
Rows per page:
1-10 of 471