VulnerableCode Package Details - pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-xd4a-qav4-uqd1 Aliases: CVE-2025-64329 GHSA-m6hq-p25p-ffr2	containerd CRI server: Host memory exhaustion through Attach goroutine leak ### Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach (e.g., [`kubectl attach`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_attach/)) could increase the memory usage of containerd. ### Patches This bug has been fixed in the following containerd versions: * 2.2.0 * 2.1.5 * 2.0.7 * 1.7.29 Users should update to these versions to resolve the issue. ### Workarounds Set up an admission controller to control accesses to `pods/attach` resources. e.g., [Validating Admission Policy](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/). ### Credits The containerd project would like to thank @Wheat2018 for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md). ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329 ### For more information If you have any questions or comments about this advisory: * Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose) * Email us at [security@containerd.io](mailto:security@containerd.io) To report a security issue in containerd: * [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)	1.6.20~ds1-1+deb12u3 Affected by 0 other vulnerabilities. 1.7.24~ds1-4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-xd4a-qav4-uqd1
Aliases:
CVE-2025-64329
GHSA-m6hq-p25p-ffr2

containerd CRI server: Host memory exhaustion through Attach goroutine leak ### Impact A bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. Repetitive calls of CRI Attach (e.g., [`kubectl attach`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_attach/)) could increase the memory usage of containerd. ### Patches This bug has been fixed in the following containerd versions: * 2.2.0 * 2.1.5 * 2.0.7 * 1.7.29 Users should update to these versions to resolve the issue. ### Workarounds Set up an admission controller to control accesses to `pods/attach` resources. e.g., [Validating Admission Policy](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/). ### Credits The containerd project would like to thank @Wheat2018 for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md). ### References https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329 ### For more information If you have any questions or comments about this advisory: * Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose) * Email us at [security@containerd.io](mailto:security@containerd.io) To report a security issue in containerd: * [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)

1.6.20~ds1-1+deb12u3
Affected by 0 other vulnerabilities.

1.7.24~ds1-4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:15:45.020058+00:00	Debian Importer	Affected by	VCID-xd4a-qav4-uqd1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-11T18:11:30.692154+00:00	Debian Importer	Affected by	VCID-xd4a-qav4-uqd1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:08:42.355807+00:00	Debian Importer	Affected by	VCID-xd4a-qav4-uqd1	https://security-tracker.debian.org/tracker/data/json	38.1.0