Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
Typeapk
Namespacealpine
Namecontainerd
Version1.6.18-r0
Qualifiers
arch x86_64
distroversion v3.21
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3brf-dmwm-qkgj
vulnerability_id VCID-3brf-dmwm-qkgj
summary 
Supplementary groups are not set up properly in github.com/containerd/containerd
### Impact

A bug was found in containerd where supplementary groups are not set up properly inside a container.  If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.

Downstream applications that use the containerd client library may be affected as well.

### Patches
This bug has been fixed in containerd v1.6.18 and v.1.5.18.  Users should update to these versions and recreate containers to resolve this issue.  Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions.

### Workarounds

Ensure that the `"USER $USERNAME"` Dockerfile instruction is not used.  Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.

### References

- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
- Docker/Moby: CVE-2022-36109, fixed in Docker 20.10.18
- CRI-O: CVE-2022-2995, fixed in CRI-O 1.25.0
- Podman: CVE-2022-2989, fixed in Podman 3.0.1 and 4.2.0
- Buildah: CVE-2022-2990, fixed in Buildah 1.27.1

Note that CVE IDs apply to a particular implementation, even if an issue is common.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)

To report a security issue in containerd:
* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)
* Email us at [security@containerd.io](mailto:security@containerd.io)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25173.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25173.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25173
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.05739
published_at 2026-04-02T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.05779
published_at 2026-04-04T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.06778
published_at 2026-04-13T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.06784
published_at 2026-04-12T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.06791
published_at 2026-04-11T12:55:00Z
5
value 0.00025
scoring_system epss
scoring_elements 0.06759
published_at 2026-04-08T12:55:00Z
6
value 0.00025
scoring_system epss
scoring_elements 0.06708
published_at 2026-04-07T12:55:00Z
7
value 0.00025
scoring_system epss
scoring_elements 0.06699
published_at 2026-04-18T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.06709
published_at 2026-04-16T12:55:00Z
9
value 0.00025
scoring_system epss
scoring_elements 0.06859
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25173
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-4wjj-jwc9-2x96
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/advisories/GHSA-4wjj-jwc9-2x96
5
reference_url https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/advisories/GHSA-fjm8-m7m6-2fjp
6
reference_url https://github.com/advisories/GHSA-phjr-8j92-w5v7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/advisories/GHSA-phjr-8j92-w5v7
7
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
8
reference_url https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a
9
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.18
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/containerd/containerd/releases/tag/v1.5.18
10
reference_url https://github.com/containerd/containerd/releases/tag/v1.6.18
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/containerd/containerd/releases/tag/v1.6.18
11
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p
12
reference_url https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25173
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25173
17
reference_url https://pkg.go.dev/vuln/GO-2023-1574
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2023-1574
18
reference_url https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174485
reference_id 2174485
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2174485
20
reference_url https://security.gentoo.org/glsa/202408-01
reference_id GLSA-202408-01
reference_type
scores
url https://security.gentoo.org/glsa/202408-01
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
22
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
23
reference_url https://access.redhat.com/errata/RHSA-2023:1372
reference_id RHSA-2023:1372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1372
24
reference_url https://access.redhat.com/errata/RHSA-2023:2107
reference_id RHSA-2023:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2107
25
reference_url https://access.redhat.com/errata/RHSA-2023:3450
reference_id RHSA-2023:3450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3450
26
reference_url https://access.redhat.com/errata/RHSA-2023:3455
reference_id RHSA-2023:3455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3455
27
reference_url https://access.redhat.com/errata/RHSA-2023:3537
reference_id RHSA-2023:3537
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3537
28
reference_url https://access.redhat.com/errata/RHSA-2023:4025
reference_id RHSA-2023:4025
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4025
29
reference_url https://access.redhat.com/errata/RHSA-2023:4226
reference_id RHSA-2023:4226
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4226
30
reference_url https://access.redhat.com/errata/RHSA-2023:4488
reference_id RHSA-2023:4488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4488
31
reference_url https://access.redhat.com/errata/RHSA-2023:4671
reference_id RHSA-2023:4671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4671
32
reference_url https://access.redhat.com/errata/RHSA-2023:5006
reference_id RHSA-2023:5006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5006
33
reference_url https://access.redhat.com/errata/RHSA-2023:5314
reference_id RHSA-2023:5314
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5314
34
reference_url https://access.redhat.com/errata/RHSA-2023:6473
reference_id RHSA-2023:6473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6473
35
reference_url https://access.redhat.com/errata/RHSA-2023:6474
reference_id RHSA-2023:6474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6474
36
reference_url https://access.redhat.com/errata/RHSA-2023:6817
reference_id RHSA-2023:6817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6817
37
reference_url https://access.redhat.com/errata/RHSA-2023:6939
reference_id RHSA-2023:6939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6939
38
reference_url https://usn.ubuntu.com/6202-1/
reference_id USN-6202-1
reference_type
scores
url https://usn.ubuntu.com/6202-1/
39
reference_url https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
reference_id vulnerability-in-linux-containers-investigation-and-mitigation
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
40
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=community
aliases CVE-2023-25173, GHSA-hmfx-3pcx-653p
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3brf-dmwm-qkgj
1
url VCID-yyye-gaug-8uh2
vulnerability_id VCID-yyye-gaug-8uh2
summary 
OCI image importer memory exhaustion in github.com/containerd/containerd
### Impact
When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.

### Patches

This bug has been fixed in containerd 1.6.18 and 1.5.18.  Users should update to these versions to resolve the issue.

### Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images. 

### Credits

The containerd project would like to thank [David Korczynski](https://github.com/DavidKorczynski) and [Adam Korczynski](https://github.com/AdamKorcz) of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security fuzzing audit sponsored by CNCF.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)

To report a security issue in containerd:
* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)
* Email us at [security@containerd.io](mailto:security@containerd.io)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25153
reference_id
reference_type
scores
0
value 0.0019
scoring_system epss
scoring_elements 0.40894
published_at 2026-04-18T12:55:00Z
1
value 0.0019
scoring_system epss
scoring_elements 0.40925
published_at 2026-04-16T12:55:00Z
2
value 0.0019
scoring_system epss
scoring_elements 0.40883
published_at 2026-04-13T12:55:00Z
3
value 0.0019
scoring_system epss
scoring_elements 0.40903
published_at 2026-04-12T12:55:00Z
4
value 0.0019
scoring_system epss
scoring_elements 0.40938
published_at 2026-04-11T12:55:00Z
5
value 0.0019
scoring_system epss
scoring_elements 0.40921
published_at 2026-04-09T12:55:00Z
6
value 0.0019
scoring_system epss
scoring_elements 0.40865
published_at 2026-04-07T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.40936
published_at 2026-04-04T12:55:00Z
8
value 0.0019
scoring_system epss
scoring_elements 0.40909
published_at 2026-04-02T12:55:00Z
9
value 0.0019
scoring_system epss
scoring_elements 0.40914
published_at 2026-04-08T12:55:00Z
10
value 0.00209
scoring_system epss
scoring_elements 0.43309
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25153
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
5
reference_url https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4
6
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.18
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/releases/tag/v1.5.18
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.6.18
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/releases/tag/v1.6.18
8
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/
url https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25153
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25153
10
reference_url https://pkg.go.dev/vuln/GO-2023-1573
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2023-1573
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2174473
reference_id 2174473
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2174473
12
reference_url https://security.gentoo.org/glsa/202408-01
reference_id GLSA-202408-01
reference_type
scores
url https://security.gentoo.org/glsa/202408-01
13
reference_url https://access.redhat.com/errata/RHSA-2023:6817
reference_id RHSA-2023:6817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6817
14
reference_url https://usn.ubuntu.com/6202-1/
reference_id USN-6202-1
reference_type
scores
url https://usn.ubuntu.com/6202-1/
fixed_packages
0
url pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=community
aliases CVE-2023-25153, GHSA-259w-8hf6-59c2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyye-gaug-8uh2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=community