Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1051611?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1051611?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2", "type": "deb", "namespace": "debian", "name": "containerd", "version": "1.4.13~ds1-1~deb11u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.5.8~ds1-3", "latest_non_vulnerable_version": "1.7.24~ds1-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30847?format=api", "vulnerability_id": "VCID-3brf-dmwm-qkgj", "summary": "Supplementary groups are not set up properly in github.com/containerd/containerd\n### Impact\n\nA bug was found in containerd where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.\n\nDownstream applications that use the containerd client library may be affected as well.\n\n### Patches\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions.\n\n### Workarounds\n\nEnsure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.\n\n### References\n\n- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\n- Docker/Moby: CVE-2022-36109, fixed in Docker 20.10.18\n- CRI-O: CVE-2022-2995, fixed in CRI-O 1.25.0\n- Podman: CVE-2022-2989, fixed in Podman 3.0.1 and 4.2.0\n- Buildah: CVE-2022-2990, fixed in Buildah 1.27.1\n\nNote that CVE IDs apply to a particular implementation, even if an issue is common.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25173.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05739", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0633", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06312", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06709", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06887", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06867", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06859", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06699", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06778", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06791", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06759", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06708", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-4wjj-jwc9-2x96", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/advisories/GHSA-4wjj-jwc9-2x96" }, { "reference_url": "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp" }, { "reference_url": "https://github.com/advisories/GHSA-phjr-8j92-w5v7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/advisories/GHSA-phjr-8j92-w5v7" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.5.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.5.18" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.6.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.6.18" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25173", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25173" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2023-1574", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2023-1574" }, { "reference_url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "reference_id": "2174485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174485" }, { "reference_url": "https://security.gentoo.org/glsa/202408-01", "reference_id": "GLSA-202408-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-01" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/", "reference_id": "LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1326", "reference_id": "RHSA-2023:1326", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1372", "reference_id": "RHSA-2023:1372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1372" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2107", "reference_id": "RHSA-2023:2107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3450", "reference_id": "RHSA-2023:3450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3455", "reference_id": "RHSA-2023:3455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3537", "reference_id": "RHSA-2023:3537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4025", "reference_id": "RHSA-2023:4025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4226", "reference_id": "RHSA-2023:4226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4488", "reference_id": "RHSA-2023:4488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4671", "reference_id": "RHSA-2023:4671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5006", "reference_id": "RHSA-2023:5006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5314", "reference_id": "RHSA-2023:5314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6473", "reference_id": "RHSA-2023:6473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6474", "reference_id": "RHSA-2023:6474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6817", "reference_id": "RHSA-2023:6817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6939", "reference_id": "RHSA-2023:6939", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6939" }, { "reference_url": "https://usn.ubuntu.com/6202-1/", "reference_id": "USN-6202-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6202-1/" }, { "reference_url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/", "reference_id": "vulnerability-in-linux-containers-investigation-and-mitigation", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/", "reference_id": "XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/", "reference_id": "ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051612?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4" } ], "aliases": [ "CVE-2023-25173", "GHSA-hmfx-3pcx-653p" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3brf-dmwm-qkgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29638?format=api", "vulnerability_id": "VCID-f2yv-ut5v-m7ey", "summary": "containerd affected by a local privilege escalation via wide permissions on CRI directory\n### Impact\n\nAn overly broad default permission vulnerability was found in containerd.\n\n- `/var/lib/containerd` was created with the permission bits 0o711, while it should be created with 0o700\n - Allowed local users on the host to potentially access the metadata store and the content store\n- `/run/containerd/io.containerd.grpc.v1.cri` was created with 0o755, while it should be created with 0o700\n - Allowed local users on the host to potentially access the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.\n- `/run/containerd/io.containerd.sandbox.controller.v1.shim` was created with 0o711, while it should be created with 0o700\n\nThe directory paths may differ depending on the daemon configuration.\nWhen the `temp` directory path is specified in the daemon configuration, that directory was also created with 0o711, while it should be created with 0o700.\n\n### Patches\n\nThis bug has been fixed in the following containerd versions:\n\n* 2.2.0\n* 2.1.5\n* 2.0.7\n* 1.7.29\n\nUsers should update to these versions to resolve the issue.\nThese updates automatically change the permissions of the existing directories.\n\n> [!NOTE]\n>\n> `/run/containerd` and `/run/containerd/io.containerd.runtime.v2.task` are still created with 0o711.\n> This is an expected behavior for supporting userns-remapped containers.\n\n### Workarounds\n\nThe system administrator on the host can manually chmod the directories to not \nhave group or world accessible permisisons:\n\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\n\nAn alternative mitigation would be to run containerd in [rootless mode](https://github.com/containerd/containerd/blob/main/docs/rootless.md).\n\n### Credits\n\nThe containerd project would like to thank David Leadbeater for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25621.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25621.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25621", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00193", "published_at": "2026-04-29T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00195", "published_at": "2026-05-05T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00192", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00149", "published_at": "2026-04-08T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00191", "published_at": "2026-04-16T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.0015", "published_at": "2026-04-13T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00351", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25621" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25621" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T19:34:44Z/" } ], "url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md" }, { "reference_url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T19:34:44Z/" } ], "url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T19:34:44Z/" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120285", "reference_id": "1120285", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120285" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190", "reference_id": "2413190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22955", "reference_id": "RHSA-2025:22955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23248", "reference_id": "RHSA-2025:23248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23428", "reference_id": "RHSA-2025:23428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23644", "reference_id": "RHSA-2025:23644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2343", "reference_id": "RHSA-2026:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2456", "reference_id": "RHSA-2026:2456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2900", "reference_id": "RHSA-2026:2900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3122", "reference_id": "RHSA-2026:3122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3122" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3713", "reference_id": "RHSA-2026:3713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5807", "reference_id": "RHSA-2026:5807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5807" }, { "reference_url": "https://usn.ubuntu.com/7983-1/", "reference_id": "USN-7983-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7983-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051996?format=api", "purl": "pkg:deb/debian/containerd@1.5.8~ds1-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.5.8~ds1-3" } ], "aliases": [ "CVE-2024-25621", "GHSA-pwhc-rpq9-4c8w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2yv-ut5v-m7ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42022?format=api", "vulnerability_id": "VCID-tc5s-4nx2-y7d9", "summary": "Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23471", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47663", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47799", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4779", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47854", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47861", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47807", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47821", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47801", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47746", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47798", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23471" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295" }, { "reference_url": "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/" } ], "url": "https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.5.16", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.5.16" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.6.12", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.6.12" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23471", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23471" }, { "reference_url": "https://security.gentoo.org/glsa/202401-31", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/" } ], "url": "https://security.gentoo.org/glsa/202401-31" }, { "reference_url": "https://usn.ubuntu.com/5776-1/", "reference_id": "USN-5776-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5776-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051612?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4" } ], "aliases": [ "CVE-2022-23471", "GHSA-2qjp-425j-52j9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc5s-4nx2-y7d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29340?format=api", "vulnerability_id": "VCID-twq1-g136-9kc3", "summary": "containerd has an integer overflow in User ID handling\n### Impact\nA bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.\n\n### Patches\nThis bug has been fixed in the following containerd versions: \n\n* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)\n* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)\n* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images.\n\n### Credits\nThe containerd project would like to thank [Benjamin Koltermann](https://github.com/p4ck3t0) and [emxll](https://github.com/emxll) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40635.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40635.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02626", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02699", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02709", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02591", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02608", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02604", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02618", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02622", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02646", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19043", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19193", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19149", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-40635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/" } ], "url": "https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da" }, { "reference_url": "https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/" } ], "url": "https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20" }, { "reference_url": "https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/" } ], "url": "https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40635", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40635" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100806", "reference_id": "1100806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100806" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353043", "reference_id": "2353043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353043" }, { "reference_url": "https://usn.ubuntu.com/7374-1/", "reference_id": "USN-7374-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7374-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051996?format=api", "purl": "pkg:deb/debian/containerd@1.5.8~ds1-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.5.8~ds1-3" } ], "aliases": [ "CVE-2024-40635", "GHSA-265r-hfxg-fhmg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twq1-g136-9kc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29688?format=api", "vulnerability_id": "VCID-xd4a-qav4-uqd1", "summary": "containerd CRI server: Host memory exhaustion through Attach goroutine leak\n### Impact\n\nA bug was found in containerd's CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. \n\nRepetitive calls of CRI Attach (e.g., [`kubectl attach`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_attach/)) could increase the memory usage of containerd.\n\n### Patches\n\nThis bug has been fixed in the following containerd versions:\n\n* 2.2.0\n* 2.1.5\n* 2.0.7\n* 1.7.29\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\n\nSet up an admission controller to control accesses to `pods/attach` resources.\ne.g., [Validating Admission Policy](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/).\n\n### Credits\n\nThe containerd project would like to thank @Wheat2018 for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64329.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64329.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64329", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00264", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00256", "published_at": "2026-04-16T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00258", "published_at": "2026-04-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00259", "published_at": "2026-04-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00266", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00262", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.004", "published_at": "2026-05-05T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00401", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00377", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00398", "published_at": "2026-04-29T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00402", "published_at": "2026-04-26T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00673", "published_at": "2026-04-04T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00681", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:41:50Z/" } ], "url": "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:41:50Z/" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64329", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64329" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120343", "reference_id": "1120343", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120343" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413299", "reference_id": "2413299", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2900", "reference_id": "RHSA-2026:2900", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2900" }, { "reference_url": "https://usn.ubuntu.com/7983-1/", "reference_id": "USN-7983-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7983-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051996?format=api", "purl": "pkg:deb/debian/containerd@1.5.8~ds1-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.5.8~ds1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1026208?format=api", "purl": "pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/585150?format=api", "purl": "pkg:deb/debian/containerd@1.7.24~ds1-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-4" } ], "aliases": [ "CVE-2025-64329", "GHSA-m6hq-p25p-ffr2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xd4a-qav4-uqd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30861?format=api", "vulnerability_id": "VCID-yyye-gaug-8uh2", "summary": "OCI image importer memory exhaustion in github.com/containerd/containerd\n### Impact\nWhen importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images are used and that only trusted users have permissions to import images. \n\n### Credits\n\nThe containerd project would like to thank [David Korczynski](https://github.com/DavidKorczynski) and [Adam Korczynski](https://github.com/AdamKorcz) of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security fuzzing audit sponsored by CNCF.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25153", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40936", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40883", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40938", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40921", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40914", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40909", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40865", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40894", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40925", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43309", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43245", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43242", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43166", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43034", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25153" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/" } ], "url": "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.5.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.5.18" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.6.18", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.6.18" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25153", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25153" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2023-1573", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2023-1573" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174473", "reference_id": "2174473", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174473" }, { "reference_url": "https://security.gentoo.org/glsa/202408-01", "reference_id": "GLSA-202408-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6817", "reference_id": "RHSA-2023:6817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6817" }, { "reference_url": "https://usn.ubuntu.com/6202-1/", "reference_id": "USN-6202-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6202-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051612?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4" } ], "aliases": [ "CVE-2023-25153", "GHSA-259w-8hf6-59c2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyye-gaug-8uh2" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42024?format=api", "vulnerability_id": "VCID-1ucu-ewxj-xfhp", "summary": "Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36348", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36114", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36231", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36318", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36715", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36584", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36637", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36654", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36603", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36649", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36631", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36572", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31030", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31030" }, { "reference_url": "https://security.gentoo.org/glsa/202401-31", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202401-31" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5162", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5162" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/07/1" }, { "reference_url": "https://security.archlinux.org/AVG-2755", "reference_id": "AVG-2755", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2755" }, { "reference_url": "https://usn.ubuntu.com/5776-1/", "reference_id": "USN-5776-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5776-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5521-1/", "reference_id": "USN-USN-5521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5521-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051611?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3brf-dmwm-qkgj" }, { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-tc5s-4nx2-y7d9" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" }, { "vulnerability": "VCID-yyye-gaug-8uh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2" } ], "aliases": [ "CVE-2022-31030", "GHSA-5ffw-gxpp-mxpf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ucu-ewxj-xfhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12708?format=api", "vulnerability_id": "VCID-9qpc-77v8-13hw", "summary": "Moby (Docker Engine) started with non-empty inheritable Linux process capabilities\n### Impact\n\nA bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted.\n\nThis bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set.\n\n\n### Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.14. Users should update to this version as soon as possible. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset.\n\nThis fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. Refer to `capabilities(7)` for a description of how capabilities work. Note that permitted file capabilities continue to allow for privileges to be raised up to the container's bounding set and that processes may add capabilities to their own inheritable set up to the container's bounding set per the rules described in the manual page. In all cases the container's bounding set provides an upper bound on the capabilities that can be assumed and provides for the container security sandbox.\n\n### Workarounds\n\nThe entrypoint of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.\n\n### Credits\n\nThe Moby project would like to thank [Andrew G. Morgan](https://github.com/AndrewGMorgan) for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at [security@docker.com](mailto:security@docker.com) if you think you’ve found a security bug", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24769.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2644", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26573", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26644", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26819", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26866", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2675", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26652", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26709", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26774", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26767", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26825", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29614", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f" }, { "reference_url": "https://github.com/moby/moby/commit/7f375bcff41ce672cd61e9a31f3eeb2966e3dbe1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/commit/7f375bcff41ce672cd61e9a31f3eeb2966e3dbe1" }, { "reference_url": "https://github.com/moby/moby/releases/tag/v20.10.14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/releases/tag/v20.10.14" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24769", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24769" }, { "reference_url": "https://security.gentoo.org/glsa/202401-31", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202401-31" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5162", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5162" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/05/12/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/05/12/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066837", "reference_id": "2066837", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1357", "reference_id": "RHSA-2022:1357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1363", "reference_id": "RHSA-2022:1363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1370", "reference_id": "RHSA-2022:1370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1622", "reference_id": "RHSA-2022:1622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1699", "reference_id": "RHSA-2022:1699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2265", "reference_id": "RHSA-2022:2265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2265" }, { "reference_url": "https://usn.ubuntu.com/5776-1/", "reference_id": "USN-5776-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5776-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051611?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3brf-dmwm-qkgj" }, { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-tc5s-4nx2-y7d9" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" }, { "vulnerability": "VCID-yyye-gaug-8uh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2" } ], "aliases": [ "CVE-2022-24769", "GHSA-2mm7-x5h6-5pvq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpc-77v8-13hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34359?format=api", "vulnerability_id": "VCID-kuwr-ugf2-rke4", "summary": "Insufficiently restricted permissions on plugin directories\n### Impact\nA bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n### Patches\nThis vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability.\n\n### Workarounds\nLimit access to the host to trusted users. Update directory permission on container bundles directories. \n\n### For more information\nIf you have any questions or comments about this advisory: \n* Open an issue in [github.com/containerd/containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24356", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2448", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24689", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24535", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24592", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24614", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24611", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24624", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24668", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24766", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24805", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24579", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24648", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24709", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41103" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.4.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.4.11" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.5.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.5.7" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41103", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41103" }, { "reference_url": "https://security.gentoo.org/glsa/202401-31", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202401-31" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011007", "reference_id": "2011007", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011007" }, { "reference_url": "https://security.archlinux.org/AVG-2439", "reference_id": "AVG-2439", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5673", "reference_id": "RHSA-2022:5673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6517", "reference_id": "RHSA-2022:6517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6517" }, { "reference_url": "https://usn.ubuntu.com/5100-1/", "reference_id": "USN-5100-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5100-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5521-1/", "reference_id": "USN-USN-5521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5521-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051611?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3brf-dmwm-qkgj" }, { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-tc5s-4nx2-y7d9" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" }, { "vulnerability": "VCID-yyye-gaug-8uh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2" } ], "aliases": [ "CVE-2021-41103", "GHSA-c2h3-6mxw-7mvq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwr-ugf2-rke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42023?format=api", "vulnerability_id": "VCID-zedh-ff93-yka4", "summary": "Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05848", "scoring_system": "epss", "scoring_elements": "0.90579", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05848", "scoring_system": "epss", "scoring_elements": "0.90578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05848", "scoring_system": "epss", "scoring_elements": "0.90575", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05848", "scoring_system": "epss", "scoring_elements": "0.90564", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05848", "scoring_system": "epss", "scoring_elements": "0.90587", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90846", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90848", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90829", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90831", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.9083", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90815", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06156", "scoring_system": "epss", "scoring_elements": "0.90804", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0813", "scoring_system": "epss", "scoring_elements": "0.92141", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23648" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containerd/containerd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd" }, { "reference_url": "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.4.13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.4.13" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.5.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.5.10" }, { "reference_url": "https://github.com/containerd/containerd/releases/tag/v1.6.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/releases/tag/v1.6.1" }, { "reference_url": "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23648", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23648" }, { "reference_url": "https://security.gentoo.org/glsa/202401-31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202401-31" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5091" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060029", "reference_id": "2060029", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060029" }, { "reference_url": "https://security.archlinux.org/AVG-2725", "reference_id": "AVG-2725", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2725" }, { "reference_url": "https://usn.ubuntu.com/5311-1/", "reference_id": "USN-5311-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5311-1/" }, { "reference_url": "https://usn.ubuntu.com/5311-2/", "reference_id": "USN-5311-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5311-2/" }, { "reference_url": "https://usn.ubuntu.com/USN-5521-1/", "reference_id": "USN-USN-5521-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5521-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051611?format=api", "purl": "pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3brf-dmwm-qkgj" }, { "vulnerability": "VCID-f2yv-ut5v-m7ey" }, { "vulnerability": "VCID-tc5s-4nx2-y7d9" }, { "vulnerability": "VCID-twq1-g136-9kc3" }, { "vulnerability": "VCID-xd4a-qav4-uqd1" }, { "vulnerability": "VCID-yyye-gaug-8uh2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2" } ], "aliases": [ "CVE-2022-23648", "GHSA-crp2-qrr5-8pq7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zedh-ff93-yka4" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2" }