Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-yyye-gaug-8uh2

Summary

OCI image importer memory exhaustion in github.com/containerd/containerd
### Impact
When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.

### Patches

This bug has been fixed in containerd 1.6.18 and 1.5.18.  Users should update to these versions to resolve the issue.

### Workarounds

Ensure that only trusted images are used and that only trusted users have permissions to import images. 

### Credits

The containerd project would like to thank [David Korczynski](https://github.com/DavidKorczynski) and [Adam Korczynski](https://github.com/AdamKorcz) of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security fuzzing audit sponsored by CNCF.

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)

To report a security issue in containerd:
* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)
* Email us at [security@containerd.io](mailto:security@containerd.io)

Aliases

alias	CVE-2023-25153

alias	GHSA-259w-8hf6-59c2

Fixed_packages

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/containerd@1.6.18-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.6.18-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie
purl	pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie

url pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4

purl pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f2yv-ut5v-m7ey

vulnerability	VCID-twq1-g136-9kc3

vulnerability	VCID-xd4a-qav4-uqd1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4

url	pkg:deb/debian/containerd@1.6.18~ds1-1?distro=trixie
purl	pkg:deb/debian/containerd@1.6.18~ds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.18~ds1-1%3Fdistro=trixie

url pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xd4a-qav4-uqd1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie
purl	pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie

url	pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie
purl	pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie

url	pkg:ebuild/app-containers/containerd@1.6.19
purl	pkg:ebuild/app-containers/containerd@1.6.19
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/containerd@1.6.19

url	pkg:golang/github.com/containerd/containerd@1.5.18
purl	pkg:golang/github.com/containerd/containerd@1.5.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containerd/containerd@1.5.18

url	pkg:golang/github.com/containerd/containerd@1.6.18
purl	pkg:golang/github.com/containerd/containerd@1.6.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containerd/containerd@1.6.18

Affected_packages

url pkg:deb/debian/containerd@1.4.5~ds1-2

purl pkg:deb/debian/containerd@1.4.5~ds1-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ucu-ewxj-xfhp

vulnerability	VCID-3brf-dmwm-qkgj

vulnerability	VCID-9qpc-77v8-13hw

vulnerability	VCID-f2yv-ut5v-m7ey

vulnerability	VCID-kuwr-ugf2-rke4

vulnerability	VCID-tc5s-4nx2-y7d9

vulnerability	VCID-twq1-g136-9kc3

vulnerability	VCID-xd4a-qav4-uqd1

vulnerability	VCID-yyye-gaug-8uh2

vulnerability	VCID-zedh-ff93-yka4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.5~ds1-2

url pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2

purl pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3brf-dmwm-qkgj

vulnerability	VCID-f2yv-ut5v-m7ey

vulnerability	VCID-tc5s-4nx2-y7d9

vulnerability	VCID-twq1-g136-9kc3

vulnerability	VCID-xd4a-qav4-uqd1

vulnerability	VCID-yyye-gaug-8uh2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2

url pkg:rpm/redhat/ceph@2:20.1.0-144?arch=el10cp

purl pkg:rpm/redhat/ceph@2:20.1.0-144?arch=el10cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18bk-met9-qfc9

vulnerability	VCID-h8nr-tcb7-93em

vulnerability	VCID-r1ah-c6z7-vyen

vulnerability	VCID-s5gr-zsbz-xkbe

vulnerability	VCID-yyye-gaug-8uh2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:20.1.0-144%3Farch=el10cp

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-25153

reference_id

reference_type

scores

value	0.0019
scoring_system	epss
scoring_elements	0.40894
published_at	2026-04-18T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40925
published_at	2026-04-16T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40883
published_at	2026-04-13T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40903
published_at	2026-04-12T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40938
published_at	2026-04-11T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40921
published_at	2026-04-09T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40865
published_at	2026-04-07T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40936
published_at	2026-04-04T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40909
published_at	2026-04-02T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40914
published_at	2026-04-08T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43309
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-25153

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/containerd/containerd

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/containerd/containerd

reference_url

https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/

url

https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4

reference_url

https://github.com/containerd/containerd/releases/tag/v1.5.18

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/

url

https://github.com/containerd/containerd/releases/tag/v1.5.18

reference_url

https://github.com/containerd/containerd/releases/tag/v1.6.18

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/

url

https://github.com/containerd/containerd/releases/tag/v1.6.18

reference_url

https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/

url

https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-25153

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-25153

reference_url

https://pkg.go.dev/vuln/GO-2023-1573

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2023-1573

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2174473
reference_id	2174473
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2174473

reference_url	https://security.gentoo.org/glsa/202408-01
reference_id	GLSA-202408-01
reference_type
scores
url	https://security.gentoo.org/glsa/202408-01

reference_url	https://access.redhat.com/errata/RHSA-2023:6817
reference_id	RHSA-2023:6817
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6817

reference_url	https://usn.ubuntu.com/6202-1/
reference_id	USN-6202-1
reference_type
scores
url	https://usn.ubuntu.com/6202-1/

Weaknesses

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyye-gaug-8uh2

Vulnerability Instance