Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-23471

Published: 07/12/2022 Updated: 31/01/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Containerd

Vulnerability Summary

It exists that containerd incorrectly handled access to encrypted container images when using imgcrypt library. A remote attacker could possibly use this issue to access encrypted images from other users. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24778)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation containerd

Vendor Advisories

Ubuntu Security Notice: USN-5776-1: containerd vulnerabilities
Several security issues were fixed in containerd ...
Amazon Linux 2: ALAS2ECS-2023-002
containerd is an open source container runtime A bug was found in containerd's CRI implementation where a user can exhaust memory on the host In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...
Amazon Linux 2: ALAS2DOCKER-2023-023
containerd is an open source container runtime A bug was found in containerd's CRI implementation where a user can exhaust memory on the host In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...
Amazon Linux 2: ALAS2NITRO-ENCLAVES-2023-023
containerd is an open source container runtime A bug was found in containerd's CRI implementation where a user can exhaust memory on the host In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-401https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0https://security.gentoo.org/glsa/202401-31https://ubuntu.com/security/notices/USN-5776-1https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook