CVE-2023-25173

Published: 16/02/2023 Updated: 15/09/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. (CVE-2022-23471)

Prior to 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. (CVE-2023-25153)

A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. (CVE-2023-25173)
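
The goroutine leak described for CVE-2022-23471, reduced to a minimal Go model. This is an added example, not containerd's code or its actual patch; `resizeEvent`, `leakyResize`, `boundedResize` and `released` are hypothetical names, and binding the send to a request context is one common way to release such a goroutine.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// resizeEvent is a constructed stand-in for a terminal resize message.
type resizeEvent struct{ W, H uint16 }

// leakyResize models the bug: an unconditional send with no receiver blocks forever.
func leakyResize(_ context.Context, events chan<- resizeEvent) <-chan struct{} {
	exited := make(chan struct{})
	go func() {
		defer close(exited)
		events <- resizeEvent{80, 24}
	}()
	return exited
}

// boundedResize ties the send to the request context so a failed launch releases it.
func boundedResize(ctx context.Context, events chan<- resizeEvent) <-chan struct{} {
	exited := make(chan struct{})
	go func() {
		defer close(exited)
		select {
		case events <- resizeEvent{80, 24}:
		case <-ctx.Done():
		}
	}()
	return exited
}

// released simulates a TTY exec whose command fails to launch; true if the goroutine exited.
func released(h func(context.Context, chan<- resizeEvent) <-chan struct{}) bool {
	ctx, cancel := context.WithCancel(context.Background())
	exited := h(ctx, make(chan resizeEvent))
	cancel() // simulated launch failure: the request ends and nothing reads events
	select {
	case <-exited:
		return true
	case <-time.After(200 * time.Millisecond):
		return false
	}
}

func main() {
	fmt.Println("leaky released:", released(leakyResize), "bounded released:", released(boundedResize))
}
```

Each failed exec against the leaky handler leaves one blocked goroutine behind, which is why repeated faulty commands grow host memory until the runtime is restarted.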

Vulnerable Product

linuxfoundation containerd

Vendor Advisories

Synopsis: Moderate: podman security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated th ...
Synopsis: Moderate: OpenShift Container Platform 4136 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Con ...
Synopsis: Moderate: Release of OpenShift Serverless 1290. Type/Severity: Security Advisory: Moderate. Topic: OpenShift Serverless version 1290 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) ...
Synopsis: Moderate: OpenShift Serverless Client kn 1290 release. Type/Severity: Security Advisory: Moderate. Topic: OpenShift Serverless 1290 has been released. The References section contains CVE links providing detailed s ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 179 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 179 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: OpenShift Container Platform 4133 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4133 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Con ...
Synopsis: Low: Red Hat OpenShift support for Windows Containers 710 [security update]. Type/Severity: Security Advisory: Low. Topic: The components for Red Hat OpenShift support for Windows Containers 710 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator ...
Synopsis: Moderate: OpenShift Security Profiles Operator bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An updated Security Profiles Operator image that fixes various bugs is now available for the Red Hat OpenShift Enterprise 4 catalog. Description: The OpenShift Security Profiles Operator v070 is now available. See the docu ...
Synopsis: Moderate: OpenShift Container Platform 41230 bug fix and security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 41230 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift ...
Synopsis: Moderate: OpenShift API for Data Protection (OADP) 116 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: OpenShift API for Data Protection (OADP) 116 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Moderate: buildah security update. Type/Severity: Security Advisory: Moderate. Topic: An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a se ...
Synopsis: Moderate: Red Hat OpenShift support for Windows Containers 601 [security update]. Type/Severity: Security Advisory: Moderate. Topic: The components for Red Hat OpenShift support for Windows Containers 601 are now available. This product release includes bug fixes and security update for the following packages: windows-machine-config-o ...
Description: A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access ...
containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be s ...
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse (CVE-2022-32149). A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frame ...