github.com/containerd/containerd is vulnerable to Denial of Service (DoS). The vulnerability exists because the `onUntarJSON` function in `importer.go` does not properly limit the number of bytes read for specific files when importing an OCI image, allowing an attacker to cause an application crash through a maliciously crafted image.

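
The defensive pattern for this class of bug, as an added Go example that is not containerd's code: cap the bytes read from a tar entry before JSON-decoding it, and reject the entry if it is larger. The function names, the `index.json` sample entry and the 1024-byte limit are assumptions made for the illustration, and the archive is constructed in memory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"encoding/json"
	"fmt"
	"io"
)

// decodeBoundedJSON (hypothetical helper) decodes JSON from r but refuses to buffer more than limit bytes.
func decodeBoundedJSON(r io.Reader, limit int64, v interface{}) error {
	data, err := io.ReadAll(io.LimitReader(r, limit+1)) // +1 byte reveals an oversized entry
	if err != nil {
		return err
	}
	if int64(len(data)) > limit {
		return fmt.Errorf("entry exceeds %d-byte JSON limit", limit)
	}
	return json.Unmarshal(data, v)
}

// importJSONEntry (hypothetical) finds the tar entry called name and decodes it with a size cap.
func importJSONEntry(archive io.Reader, name string, limit int64, v interface{}) error {
	tr := tar.NewReader(archive)
	for {
		hdr, err := tr.Next()
		if err != nil {
			return err // io.EOF: entry not present
		}
		if hdr.Name == name {
			return decodeBoundedJSON(tr, limit, v)
		}
	}
}

// buildArchive returns a constructed in-memory tar holding one file (sample input only).
func buildArchive(name string, body []byte) *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))})
	tw.Write(body)
	tw.Close()
	return buf
}

func main() {
	big := []byte(`{"pad":"` + string(bytes.Repeat([]byte("A"), 4096)) + `"}`)
	fmt.Println(importJSONEntry(buildArchive("index.json", big), "index.json", 1024, new(map[string]interface{})))
}
```

Reading `limit+1` bytes rather than `limit` makes an oversized entry fail with a clear error instead of surfacing later as a truncated-JSON parse error.
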
Vendor | Product | Version | CPE |
---|---|---|---|
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.3-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.5.9-r1:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.5.7-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.5.9-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.5.8-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.6-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.8-r1:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.6.0-r0:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.5.5-r2:*:*:*:*:*:*:* |
- | containerd\ | edge | cpe:2.3:a:-:containerd\:edge:1.4.3-r0:*:*:*:*:*:*:* |
github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
github.com/containerd/containerd/commit/959e1cf9602f3b7a71bdca7b6344b40e00504730
github.com/containerd/containerd/commit/9e4acc02807a012a51f68afef41f189a350a16cd
github.com/containerd/containerd/releases/tag/v1.5.18
github.com/containerd/containerd/releases/tag/v1.6.18
github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.17/community.yaml