Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-25153

Published: 16/02/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Linuxfoundation

Vulnerability Summary

containerd is an open source container runtime. prior to 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation containerd

Vendor Advisories

Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: containerd is an open source container runtime Before versions 1618 and 1518, when importing an OCI image, there was no limit on the number of bytes read for certain files A maliciously crafted image with a large file where a limit was not applied could cause a denial of service Th ...
Amazon Linux 2: ALAS2ECS-2023-002
containerd is an open source container runtime A bug was found in containerd's CRI implementation where a user can exhaust memory on the host In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...
Amazon Linux 2: ALAS2DOCKER-2023-023
containerd is an open source container runtime A bug was found in containerd's CRI implementation where a user can exhaust memory on the host In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...
Amazon Linux 2: ALASNITRO-ENCLAVES-2024-035
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse (CVE-2022-32149) A request smuggling attack is possible when using MaxBytesHandler When using MaxBytesHandler, the body of an HTTP request is not fully consumed When the server attempts to read HTTP2 frame ...
Amazon Linux 2: ALASDOCKER-2024-035
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse (CVE-2022-32149) A request smuggling attack is possible when using MaxBytesHandler When using MaxBytesHandler, the body of an HTTP request is not fully consumed When the server attempts to read HTTP2 frame ...
Amazon Linux 2: ALAS2NITRO-ENCLAVES-2023-023
containerd is an open source container runtime A bug was found in containerd's CRI implementation where a user can exhaust memory on the host In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/0600b443ff4393d097c485fbc8d3ed3b
Critical Infrastructure Sectors: Critical Manufacturing

References

CWE-770https://github.com/containerd/containerd/releases/tag/v1.5.18https://github.com/containerd/containerd/releases/tag/v1.6.18https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2https://nvd.nist.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11https://access.redhat.com/security/cve/cve-2023-25153
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946CVE-2024-30309CVE-2024-4761CVE-2024-30051type confusionmemory leakCVE-2024-30293reflected XSSCVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook