{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","type":"deb","namespace":"debian","name":"containerd","version":"2.1.6+ds1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42024?format=json","vulnerability_id":"VCID-1ucu-ewxj-xfhp","summary":"Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31030","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36649","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36217","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36318","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36348","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36572","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36715","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36654","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36663","published_at":"2026-04
-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36628","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36603","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36631","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36147","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36124","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36211","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36184","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36114","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36231","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382","reference_id":"","reference_type":"","scores":[{"value":"5.5"
,"scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_ele
ments":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31030","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31030"},{"reference_url":"https://security.gentoo.org/glsa/202401-31","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-31"},{"reference_url":"https://www.debian.org/security/2022/dsa-5162","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5162"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/06/07/1","reference_id":"","reference_type":"","scores":[{"value":"5.5","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/06/07/1"},{"reference_url":"https://security.archlinux.org/AVG-2755","reference_id":"AVG-2755","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2755"},{"reference_url":"https://usn.ubuntu.com/5776-1/","reference_id":"USN-5776-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5776-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5521-1/","reference_id":"USN-USN-5521-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5521-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584986?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/584987?format=json","purl":"pkg:deb/debian/containerd@1.6.6~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.6~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resourc
e_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-31030","GHSA-5ffw-gxpp-mxpf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ucu-ewxj-xfhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30847?format=json","vulnerability_id":"VCID-3brf-dmwm-qkgj","summary":"Supplementary groups are not set up properly in github.com/containerd/containerd\n### Impact\n\nA bug was found in containerd where supplementary groups are not set up properly inside a container.  
If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.\n\nDownstream applications that use the containerd client library may be affected as well.\n\n### Patches\nThis bug has been fixed in containerd v1.6.18 and v1.5.18.  Users should update to these versions and recreate containers to resolve this issue.  Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions.\n\n### Workarounds\n\nEnsure that the `\"USER $USERNAME\"` Dockerfile instruction is not used.  Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.\n\n### References\n\n- https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\n- Docker/Moby: CVE-2022-36109, fixed in Docker 20.10.18\n- CRI-O: CVE-2022-2995, fixed in CRI-O 1.25.0\n- Podman: CVE-2022-2989, fixed in Podman 3.0.1 and 4.2.0\n- Buildah: CVE-2022-2990, fixed in Buildah 1.27.1\n\nNote that CVE IDs apply to a particular implementation, even if an issue is common.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at 
[security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25173.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25173.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25173","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05779","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05739","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06527","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06517","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06443","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0633","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06312","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06556","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06539","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06859","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06867","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06699","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_syste
m":"epss","scoring_elements":"0.06709","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06778","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06708","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-4wjj-jwc9-2x96","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/advisories/GHSA-4wjj-jwc9-2x96"},{"reference_url":"https://github.com/advisories/GHSA-fjm8-m7m6-2fjp","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":
"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/advisories/GHSA-fjm8-m7m6-2fjp"},{"reference_url":"https://github.com/advisories/GHSA-phjr-8j92-w5v7","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/advisories/GHSA-phjr-8j92-w5v7"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/containerd/containerd/commit/133f6bb6cd82
7ce35a5fb279c1ead12b9d21460a"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.5.18","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v1.5.18"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.6.18","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v1.6.18"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-rc
4r-wh2q-q6c4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25173","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25173"},{"reference_url":"https://pkg.go.dev/vuln/GO-2023-1574","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2023-1574"},{"reference_url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174485","reference_id":"2174485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174485"},{"reference_url":"https://security.gentoo.org/glsa/202408-01","reference_id":"GLSA-202408-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-01"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/","reference_id":"LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"
value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1326","reference_id":"RHSA-2023:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1372","reference_id":"RHSA-2023:1372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2107","reference_id":"RHSA-2023:2107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3450","reference_id":"RHSA-2023:3450","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3450"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3455","reference_id":"RHSA-2023:3455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3537","reference_id":"RHSA-2023:3537","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3537"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4025","reference_id":"RHSA-2023:4025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4025"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4226","reference_id":"RHSA-2023:4226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4488","reference_id":"RHSA-2023:4488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4488"},{"reference_url":"https://access.redhat.com/errata/
RHSA-2023:4671","reference_id":"RHSA-2023:4671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5006","reference_id":"RHSA-2023:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5314","reference_id":"RHSA-2023:5314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6473","reference_id":"RHSA-2023:6473","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6473"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6474","reference_id":"RHSA-2023:6474","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6474"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6817","reference_id":"RHSA-2023:6817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6939","reference_id":"RHSA-2023:6939","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6939"},{"reference_url":"https://usn.ubuntu.com/6202-1/","reference_id":"USN-6202-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6202-1/"},{"reference_url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/","reference_id":"vulnerability-in-linux-containers-investigation-and-mitigation","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"},{"refere
nce_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/","reference_id":"XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/","reference_id":"ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:00:44Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582582?format=json","purl":"pkg:deb/debian/containerd@1.6.18~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.18~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,
"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25173","GHSA-hmfx-3pcx-653p"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3brf-dmwm-qkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30301?format=json","vulnerability_id":"VCID-3pwn-3668-4yev","summary":"containerd allows host filesystem access on pull\n### Impact\n\nA time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. \n\n### Patches\nThis bug has been fixed in the following containerd versions:\n\n* 2.1.1\n\nThe only affected version of containerd is 2.1.0.  
Other versions of containerd are not affected.\n\nUsers should update to this version to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images.\n\n### Credits\nThe containerd project would like to thank Tõnis Tiigi for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47290\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47290.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47290","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1953","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19607","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19548","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19512","published
_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1952","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19532","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19426","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19375","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19267","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19354","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19443","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19403","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19433","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19518","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19651","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47290"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:
H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T18:43:21Z/"}],"url":"https://github.com/containerd/containerd/commit/cada13298fba85493badb6fecb6ccf80e49673cc"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v2.1.1","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T18:43:21Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v2.1.1"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T
/2025-05-20T18:43:21Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-cm76-qm8v-3j95"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47290","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47290"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367631","reference_id":"2367631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367631"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584797?format=json","purl":"pkg:deb/debian/containerd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"
},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-47290","GHSA-cm76-qm8v-3j95"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pwn-3668-4yev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42021?format=json","vulnerability_id":"VCID-4qfu-ng4n-jbfx","summary":"Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege 
escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32760","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21696","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21623","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21599","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21624","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21711","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21765","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21759","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21727","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21817","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21892","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21857","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21845","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21945","pub
lished_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21538","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21472","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21577","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21583","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21731","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://g
ithub.com/containerd/containerd/commit/22e9a70c71eff6507be71955947a611f2ed91e6c"},{"reference_url":"https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/7ad08c69e09ee4930a48dbf2aab3cd612458617f"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.8","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.8"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.5.4","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v1.5.4"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L
/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32760","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32760"},{"reference_url":"https://security.gentoo.org/glsa/202401-31","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:
N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/"}],"url":"https://security.gentoo.org/glsa/202401-31"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982681","reference_id":"1982681","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982681"},{"reference_url":"https://security.archlinux.org/ASA-202107-70","reference_id":"ASA-202107-70","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202107-70"},{"reference_url":"https://security.archlinux.org/AVG-2174","reference_id":"AVG-2174","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2174"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/","reference_id":"DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:27:11Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDMNDPJJTP3J5GOEDB66F6MGXUTRG3Y3/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2183","reference_id":"RHSA-2022:2183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2183"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5952","reference_id":"RHSA-2023:5952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5952"},{"reference_url":"https:
//usn.ubuntu.com/5012-1/","reference_id":"USN-5012-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5012-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5521-1/","reference_id":"USN-USN-5521-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5521-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586543?format=json","purl":"pkg:deb/debian/containerd@1.4.5~ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.5~ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=j
son","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32760","GHSA-c72p-9xmj-rx3w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qfu-ng4n-jbfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39463?format=json","vulnerability_id":"VCID-6vru-hsfs-rufg","summary":"Multiple vulnerabilities have been found in containerd, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15257","reference_id":"","reference_type":"","scores":[{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93557","published_at":"2026-05-14T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93544","published_at":"2026-05-12T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93538","published_at":"2026-05-11T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93442","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93539","published_at":"2026-05-09T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.9345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_element
s":"0.93458","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93466","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.9347","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93475","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93495","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93528","published_at":"2026-05-07T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93803","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/c
vename.cgi?name=CVE-2021-21285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.3","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.3"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}]
,"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15257","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15257"},{"reference_url":"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again"},{"reference_url":"https://security.gentoo.org/glsa/202105-33","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202105-33"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899487","reference_id":"1899487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899487"},{"reference_url":"https://security.archlinux.org/ASA-202012-8","reference_id":"ASA-202012-8","reference_type":"
","scores":[],"url":"https://security.archlinux.org/ASA-202012-8"},{"reference_url":"https://security.archlinux.org/AVG-1309","reference_id":"AVG-1309","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2183","reference_id":"RHSA-2022:2183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2183"},{"reference_url":"https://usn.ubuntu.com/4653-1/","reference_id":"USN-4653-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4653-1/"},{"reference_url":"https://usn.ubuntu.com/4653-2/","reference_id":"USN-4653-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4653-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586693?format=json","purl":"pkg:deb/debian/containerd@1.4.3~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.3~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],
"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15257","GHSA-36xw-fx78-c5r4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12708?format=json","vulnerability_id":"VCID-9qpc-77v8-13hw","summary":"Moby (Docker Engine) started with non-empty inheritable Linux process capabilities\n### Impact\n\nA bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`.  Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set.  Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set.  
Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted.\n\nThis bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set.\n\n\n### Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.14.  Users should update to this version as soon as possible.  Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset.\n\nThis fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment.  Refer to `capabilities(7)` for a description of how capabilities work.  Note that permitted file capabilities continue to allow for privileges to be raised up to the container's bounding set and that processes may add capabilities to their own inheritable set up to the container's bounding set per the rules described in the manual page.  In all cases the container's bounding set provides an upper bound on the capabilities that can be assumed and provides for the container security sandbox.\n\n### Workarounds\n\nThe entrypoint of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.\n\n### Credits\n\nThe Moby project would like to thank [Andrew G. 
Morgan](https://github.com/AndrewGMorgan) for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at [security@docker.com](mailto:security@docker.com) if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24769.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24769.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24769","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2659","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26512","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2651","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26495","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26567","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2644","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26573","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26644","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26652","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26709","published_at":"2026-04-
21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26774","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26767","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26825","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26869","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26866","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26819","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29566","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31030"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type
":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f"},{"reference_url":"https://github.com/moby/moby/commit/7f375bcff41ce672cd61e9a31f3eeb2966e3dbe1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/7f375bcff41ce672cd61e9a31f3eeb2966e3dbe1"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.14","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v20.10.14"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC"
,"reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL"},{"reference_url":"https://lists.fedoraproject.or
g/archives/list/package-announce%40lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5FQJ3MLFSEKQYCFPFZIKYGBXPZUJFVY"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPOJUJZXGMIVKRS4QR75F6OIXNQ6LDBL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIMAHZ6AUIKN7AX26KHZYBXVECIOVWBH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"ht
tps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQCVS7WBFSTKJFNX5PGDRARMTOFWV2O7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24769","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24769"},{"reference_url":"https://security.gentoo.org/glsa/202401-31","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-31"},{"reference_url":"https://www.debian.org/security/2022/dsa-5162","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5162"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/05/12/1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/05/12/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2066837","reference_id":"2066837","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2066837"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1357","reference_id":"RHSA-2022:1357","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1357"},{"reference_url":"https://access.redhat.com/errat
a/RHSA-2022:1363","reference_id":"RHSA-2022:1363","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1370","reference_id":"RHSA-2022:1370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1622","reference_id":"RHSA-2022:1622","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1699","reference_id":"RHSA-2022:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2265","reference_id":"RHSA-2022:2265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2265"},{"reference_url":"https://usn.ubuntu.com/5776-1/","reference_id":"USN-5776-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5776-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584986?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586174?format=json","purl":"pkg:deb/debian/containerd@1.6.2~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.2~ds1-1%3Fdistro=t
rixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-24769","GHSA-2mm7-x5h6-5pvq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9qpc-77v8-13hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30290?format=json","vulnerability_id":"VCID-az9e-udkj-8kck","summary":"containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.\n# Impact\n\nA bug was found in the containerd's CRI implementation where containerd doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. 
This may cause a denial of service of the Kubernetes node.\n\n# Patches\n\nThis bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue.\n\n# Workarounds\n\nDisable usernamespaced pods in Kubernetes temporarily.\n\n# Credits\n\nThe containerd project would like to thank Rodrigo Campos Catelin and Piotr Rogowski for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n#  For more information\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47291.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-47291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47291","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50381","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50502","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50508","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50484","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5043","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0027","scoring_s
ystem":"epss","scoring_elements":"0.5044","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50392","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50315","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50368","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.504","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50352","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50426","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50408","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50462","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50456","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50474","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50459","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47291"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","s
cores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-21T19:19:32Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47291","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-47291"},{"reference_url":"https://pkg.go.dev/vuln/GO-2025-3701","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2025-3701"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367852","reference_id":"2367852","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584797?format=json","purl":"pkg:deb/debian/containerd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vul
nerablecode.io/packages/pkg:deb/debian/containerd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-47291","GHSA-cxfp-7pvr-95ff"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-az9e-udkj-8kck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52453?format=json","vulnerability_i
d":"VCID-d42a-4prp-m7hb","summary":"Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux\n### Impact\n\nContainers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of specially-configured bind mounts in a hostPath volume. This relabeling elevates permissions for the container, granting full read/write access over the affected files and directories. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.\n\nIf you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not affected by this issue.\n\n### Patches\n\nThis bug has been fixed in containerd 1.5.9.  Because file labels persist independently of containerd, users should both update to these versions as soon as they are released and validate that all files on their host are correctly labeled.\n\n### Workarounds\n\nEnsure that no sensitive files or directories are used as a hostPath volume source location.  
Policy enforcement mechanisms such as a Kubernetes Pod Security Policy [AllowedHostPaths](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems) may be specified to limit the files and directories that can be bind-mounted to containers.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43816.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43816","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34696","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34628","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34603","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.347","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34664","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34591","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35072","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35113","published_at":"2026-04-12T12:55:00Z"},{"value":
"0.00147","scoring_system":"epss","scoring_elements":"0.35147","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35142","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35116","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35193","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34813","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34831","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35064","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34964","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35164","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43816"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":
""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:45:32Z/"}],"url":"https://github.com/containerd/containerd/commit/a731039238c62be081eb8c31525b988415745eea"},{"reference_url":"https://github.com/containerd/containerd/issues/6194","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:45:32Z/"}],"url":"https://github.com/containerd/containerd/issues/6194"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:45:32Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c"},{"reference_url":"https://git
hub.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:45:32Z/"}],"url":"https://github.com/dweomer/containerd/commit/f7f08f0e34fb97392b0d382e58916d6865100299"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43816","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/
detail/CVE-2021-43816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044434","reference_id":"2044434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044434"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/","reference_id":"GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:45:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GD5GH7NMK5VJMA2Y5CYB5O5GTPYMWMLX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/","reference_id":"MPDIZMI7ZPERSZE2XO265UCK5IWM7CID","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:45:32Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPDIZMI7ZPERSZE2XO265UCK5IWM7CID/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4956","reference_id":"RHSA-2022:4956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4956"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/584797?format=json","purl":"pkg:deb/debian/containerd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian
/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586473?format=json","purl":"pkg:deb/debian/containerd@1.5.9~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.5.9~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-43816","GHSA-mvff-h3cj-wj9c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode
.io/vulnerabilities/VCID-d42a-4prp-m7hb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29638?format=json","vulnerability_id":"VCID-f2yv-ut5v-m7ey","summary":"containerd affected by a local privilege escalation via wide permissions on CRI directory\n### Impact\n\nAn overly broad default permission vulnerability was found in containerd.\n\n- `/var/lib/containerd` was created with the permission bits 0o711, while it should be created with 0o700\n  - Allowed local users on the host to potentially access the metadata store and the content store\n- `/run/containerd/io.containerd.grpc.v1.cri` was created with 0o755, while it should be created with 0o700\n  - Allowed local users on the host to potentially access the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.\n- `/run/containerd/io.containerd.sandbox.controller.v1.shim` was created with 0o711, while it should be created with 0o700\n\nThe directory paths may differ depending on the daemon configuration.\nWhen the `temp` directory path is specified in the daemon configuration, that directory was also created with 0o711, while it should be created with 0o700.\n\n### Patches\n\nThis bug has been fixed in the following containerd versions:\n\n* 2.2.0\n* 2.1.5\n* 2.0.7\n* 1.7.29\n\nUsers should update to these versions to resolve the issue.\nThese updates automatically change the permissions of the existing directories.\n\n> [!NOTE]\n>\n> `/run/containerd` and `/run/containerd/io.containerd.runtime.v2.task` are still created with 0o711.\n> This is an expected behavior for supporting userns-remapped containers.\n\n### Workarounds\n\nThe system administrator on the host can manually chmod the directories to not \nhave group or world accessible permissions:\n\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 
/run/containerd/io.containerd.sandbox.controller.v1.shim\n```\n\nAn alternative mitigation would be to run containerd in [rootless mode](https://github.com/containerd/containerd/blob/main/docs/rootless.md).\n\n### Credits\n\nThe containerd project would like to thank David Leadbeater for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25621.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25621.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25621","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00189","published_at":"2026-05-14T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.0019","published_at":"2026-05-12T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00194","published_at":"2026-05-09T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00193","published_at":"2026-05-07T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00195","published_at":"2026-05-05T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00149","published_at":"2026-04-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss"
,"scoring_elements":"0.00192","published_at":"2026-05-11T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00191","published_at":"2026-04-16T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00151","published_at":"2026-04-11T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00157","published_at":"2026-04-04T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.0015","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00351","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25621"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/blob/main/docs/rootless.md","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T19:34:44Z/"}],"url":"http
s://github.com/containerd/containerd/blob/main/docs/rootless.md"},{"reference_url":"https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T19:34:44Z/"}],"url":"https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-06T19:34:44Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25621","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25621"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120285","reference_id":"1120285","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120285"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413190","reference_id":"2413190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22955","reference_id":"R
HSA-2025:22955","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22955"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23248","reference_id":"RHSA-2025:23248","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23248"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23428","reference_id":"RHSA-2025:23428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23644","reference_id":"RHSA-2025:23644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2343","reference_id":"RHSA-2026:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2456","reference_id":"RHSA-2026:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3122","reference_id":"RHSA-2026:3122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3713","reference_id":"RHSA-2026:3713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5807","reference_id":"RHSA-2026:5807","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5807"},{"reference_url":"https://usn.ubuntu.com/7983-1/","reference_id":"USN-7983-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7983-1/"}],"fixed_packages":[{"url":"http://public2.v
ulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586686?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586687?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","p
url":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-25621","GHSA-pwhc-rpq9-4c8w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2yv-ut5v-m7ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53011?format=json","vulnerability_id":"VCID-gbw6-3a59-mbhu","summary":"containerd v1.2.x can be coerced into leaking credentials during image pull\n## Impact\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. 
In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.2.14.  containerd 1.3 and later are not affected.\n\n## Workarounds\n\nIf you are using containerd 1.3 or later, you are not affected.  If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.  Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.\n\n## Credits\n\nThe containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security 
policy](https://github.com/containerd/project/blob/master/SECURITY.md).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15157","reference_id":"","reference_type":"","scores":[{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73797","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73739","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73716","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73754","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7373","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73705","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73712","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73575","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7358","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00777"
,"scoring_system":"epss","scoring_elements":"0.73678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73669","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73625","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74894","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74851","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://darkbit.io/blog/cve-2020-15157-containerdrip","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring
_system":"generic_textual","scoring_elements":""}],"url":"https://darkbit.io/blog/cve-2020-15157-containerdrip"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.2.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.2.14"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/contain
erd/security/advisories/GHSA-742w-89gc-8m9c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15157","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15157"},{"reference_url":"https://usn.ubuntu.com/4589-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4589-1"},{"reference_url":"https://usn.ubuntu.com/4589-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4589-2"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888248","reference_id":"1888248","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888248"},{"reference_url":"https://usn.ubuntu.com/4589-1/","reference_id":"USN-4589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4589-1/"},{"reference_url":"https://usn.ubuntu.com/4589-2/","reference_id":"USN-4589-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4589-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583752?format=json","pur
l":"pkg:deb/debian/containerd@1.3.2~ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.3.2~ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15157","GHSA-742w-89gc-8m9c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://pub
lic2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34359?format=json","vulnerability_id":"VCID-kuwr-ugf2-rke4","summary":"Insufficiently restricted permissions on plugin directories\n### Impact\nA bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n### Patches\nThis vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability.\n\n### Workarounds\nLimit access to the host to trusted users. Update directory permissions on container bundle directories. 
\n\n### For more information\nIf you have any questions or comments about this advisory: \n* Open an issue in [github.com/containerd/containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41103","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24648","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24356","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2448","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24522","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24535","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24614","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24624","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24611","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24668","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00085","scoring_system"
:"epss","scoring_elements":"0.24709","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24766","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24805","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24579","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44526","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44508","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44461","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49101","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41103"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.s
use.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.11","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.11"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.5.7","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.5.7"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/c
ontainerd/security/advisories/GHSA-c2h3-6mxw-7mvq"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements
":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41103","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41103"},{"reference_url":"https://security.gentoo.org/glsa/202401-31","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-31"},{"reference_url":"https://www.debian.org/security/2021/dsa-5002","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-5002"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011007","reference_id":"2011007","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011007"},{"reference_url":"https://security.archlinux.org/AVG-2439","reference_id":"AVG-2439","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:5673","reference_id":"RHSA-2022:5673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:5673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6517","reference_id":"RHSA-2022:6517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA
-2022:6517"},{"reference_url":"https://usn.ubuntu.com/5100-1/","reference_id":"USN-5100-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5100-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5521-1/","reference_id":"USN-USN-5521-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5521-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586107?format=json","purl":"pkg:deb/debian/containerd@1.4.5~ds1-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.5~ds1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586108?format=json","purl":"pkg:deb/debian/containerd@1.5.7~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.5.7~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"ht
tp://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-41103","GHSA-c2h3-6mxw-7mvq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwr-ugf2-rke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14291?format=json","vulnerability_id":"VCID-t345-zgxj-6keq","summary":"containerd environment variable leak\n## Impact\n\nContainers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers.  If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared.\n\nIf you are not using containerd’s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue.\n\nIf you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue.\n\nIf you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4.  
Users should update to these versions as soon as they are released.\n\n## Workarounds\n\nThere are no known workarounds.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io if you think you’ve found a security bug.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21334.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21334.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21334","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64827","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64772","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64751","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6478","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64736","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64709","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64714","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64608","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64682","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring
_elements":"0.64685","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64648","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64677","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64689","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64672","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64568","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64621","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6465","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64702","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21334","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21334"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url
":"https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e"},{"reference_url":"https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/2d9c8aa4b3f4313982c5c999af57212a1c5d144b"},{"reference_url":"https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/cbcb2f57fbe221986f96b552855eb802f63193de"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.3.10","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.3.10"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.4"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/
C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4"},{"reference_url":"https://github.com/containerd/cri/pull/1628","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/cri/pull/1628"},{"reference_url":"https://github.com/containerd/cri/pull/1629","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/cri/pull/1629"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/packa
ge-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21334","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21334"},{"reference_url":"https://security.gentoo.org/glsa/202105-33","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202105-33"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1937935","reference_id":"1937935","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1937935"},{"reference_url":"https://security.archlinux.org/AVG-1650","reference_id":"AVG-1650","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1650"},{"reference_url":"https://usn.ubuntu.com/4881-1/","reference_id":"USN-4881-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4881-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582817?format=json","purl":"pkg:deb/debian/containerd@1.4.4~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/pack
ages/pkg:deb/debian/containerd@1.4.4~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-21334","GHSA-6g2q-w5j3-fwh4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t345-zgxj-6keq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42022?format=json","vulnerability_id":"VCID
-tc5s-4nx2-y7d9","summary":"Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23471","reference_id":"","reference_type":"","scores":[{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.4779","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47693","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47752","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47778","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47729","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47663","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47798","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47746","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47801","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47797","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47821","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47807","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47861","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47854","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_elements":"0.47799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00245","scoring_system":"epss","scoring_element
s":"0.47724","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23471"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/241563be06a3de8b6a849414c4e805b68d3bb295"},{"reference_url":"https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/"}],"url":"https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0"},{"
reference_url":"https://github.com/containerd/containerd/releases/tag/v1.5.16","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.5.16"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.6.12","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.6.12"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23471","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23471"},{"reference_url":"https://security.gentoo.org/glsa/202401-31","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","
scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:52:53Z/"}],"url":"https://security.gentoo.org/glsa/202401-31"},{"reference_url":"https://usn.ubuntu.com/5776-1/","reference_id":"USN-5776-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5776-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586036?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586037?format=json","purl":"pkg:deb/debian/containerd@1.6.12~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.12~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerabl
ecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-23471","GHSA-2qjp-425j-52j9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tc5s-4nx2-y7d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29340?format=json","vulnerability_id":"VCID-twq1-g136-9kc3","summary":"containerd has an integer overflow in User ID handling\n### Impact\nA bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). 
This could cause unexpected behavior for environments that require containers to run as a non-root user.\n\n### Patches\nThis bug has been fixed in the following containerd versions: \n\n* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)\n* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)\n* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images.\n\n### Credits\nThe containerd project would like to thank [Benjamin Koltermann](https://github.com/p4ck3t0) and [emxll](https://github.com/emxll) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at 
[security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40635.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-40635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40635","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02699","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02709","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02599","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02591","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02609","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02626","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19316","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00062","scoring_syst
em":"epss","scoring_elements":"0.19193","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19149","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19043","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19124","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19218","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19179","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19215","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-40635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_tex
tual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/"}],"url":"https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da"},{"reference_url":"https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/"}],"url":"https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20"},{"reference_url":"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/"}],"url":"https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T14:17:05Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00005
.html","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40635","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40635"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100806","reference_id":"1100806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100806"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353043","reference_id":"2353043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353043"},{"reference_url":"https://usn.ubuntu.com/7374-1/","reference_id":"USN-7374-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7374-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/585335?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~d
s1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/585336?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2024-40635","GHSA-265r-hfxg-fhmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twq1-g136-9kc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29688?format=json","vulnerability_id":"VCID-xd4a-qav4-uqd1","summary":"containerd CRI server: Host memory exhaustion through Attach goroutine leak\n### Impact\n\nA bug was found in containerd's CRI Attach implementation where a user 
can exhaust memory on the host due to goroutine leaks.\n\nRepeated calls to CRI Attach (e.g., [`kubectl attach`](https://kubernetes.io/docs/reference/kubectl/generated/kubectl_attach/)) could increase the memory usage of containerd.\n\n### Patches\n\nThis bug has been fixed in the following containerd versions:\n\n* 2.2.0\n* 2.1.5\n* 2.0.7\n* 1.7.29\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\n\nSet up an admission controller to control access to `pods/attach` resources.\ne.g., [Validating Admission Policy](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/).\n\n### Credits\n\nThe containerd project would like to thank @Wheat2018 for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\n\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n\n* [Report a new 
vulnerability](https://github.com/containerd/containerd/security/advisories/new)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64329.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64329","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00256","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00258","published_at":"2026-04-13T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00259","published_at":"2026-04-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00262","published_at":"2026-04-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00264","published_at":"2026-04-08T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00266","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00392","published_at":"2026-05-14T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00377","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00401","published_at":"2026-04-21T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.004","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00402","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00398","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00405","published_at":"2026-05-07T12:55:00Z"},{"value":"6e-05","scoring_system":"
epss","scoring_elements":"0.00397","published_at":"2026-05-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00394","published_at":"2026-05-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00389","published_at":"2026-05-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00673","published_at":"2026-04-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00681","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64329"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64329"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:41:50Z/"}],"url":"https://github.com/containerd/containerd/com
mit/083b53cd6f19b5de7717b0ce92c11bdf95e612df"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-07T17:41:50Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64329","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120343","reference_id":"1120343","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413299","reference_id":"2413299","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2413299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2900","reference_id":"RHSA-2026:2900","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2900"},{"reference_url":"https://usn.ubuntu.com/7983-1/","reference_id":"USN-7983-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7983-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb
/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/586686?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921926?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64329","GHSA-m6hq-p25p-ffr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xd4a-qav4-uqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30861?format=json","vulnerability_id":"VCID-yyye-gaug-8uh2","summary":"OCI image importer memory 
exhaustion in github.com/containerd/containerd\n### Impact\nWhen importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.18 and 1.5.18.  Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images are used and that only trusted users have permissions to import images. \n\n### Credits\n\nThe containerd project would like to thank [David Korczynski](https://github.com/DavidKorczynski) and [Adam Korczynski](https://github.com/AdamKorcz) of ADA Logics for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md) during a security fuzzing audit sponsored by CNCF.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at 
[security@containerd.io](mailto:security@containerd.io)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25153.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25153","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40914","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40909","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40894","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40925","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40938","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40936","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40865","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40921","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43166","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43245","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43242","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00209","scoring_system":"epss"
,"scoring_elements":"0.43161","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43309","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43098","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43067","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43128","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43111","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43034","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25153"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.2","scoring_system":"cvssv3.1","scoring_element
s":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/"}],"url":"https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.5.18","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v1.5.18"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.6.18","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/"}],"url":"https://github.com/containerd/containerd/releases/tag/v1.6.18"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_
textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:57:30Z/"}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25153","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25153"},{"reference_url":"https://pkg.go.dev/vuln/GO-2023-1573","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2023-1573"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174473","reference_id":"2174473","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174473"},{"reference_url":"https://security.gentoo.org/glsa/202408-01","reference_id":"GLSA-202408-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202408-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6817","reference_id":"RHSA-2023:6817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6817"},{"reference_url":"https://usn.ubuntu.com/6202-1/","reference_id":"USN-6202-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6202-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"htt
p://public2.vulnerablecode.io/api/packages/582582?format=json","purl":"pkg:deb/debian/containerd@1.6.18~ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.18~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-25153","GHSA-259w-8hf6-59c2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyye-gaug-8uh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42023?format=json","vulnerability_id":"VCID-zedh-ff93-yka4","summary":"Multiple vulnerabilities have been found in containerd, the 
worst of which could result in privilege escalation.","references":[{"reference_url":"http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23648.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23648","reference_id":"","reference_type":"","scores":[{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90614","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90617","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90623","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90605","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90587","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90579","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05848","scoring_system":"epss","scoring_elements":"0.90564","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05848","scoring_system":
"epss","scoring_elements":"0.90637","published_at":"2026-05-14T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90846","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90848","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90829","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90831","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.9083","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06156","scoring_system":"epss","scoring_elements":"0.90804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0813","scoring_system":"epss","scoring_elements":"0.92141","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"valu
e":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.13","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.13"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.5.10","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.5.10"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.6.1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.6.1"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system
":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23648","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23648"},{"reference_url":"https://security.gentoo.org/glsa/202401-31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-31"},{"reference_url":"https://www.debian.org/securit
y/2022/dsa-5091","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2022/dsa-5091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060029","reference_id":"2060029","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060029"},{"reference_url":"https://security.archlinux.org/AVG-2725","reference_id":"AVG-2725","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2725"},{"reference_url":"https://usn.ubuntu.com/5311-1/","reference_id":"USN-5311-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5311-1/"},{"reference_url":"https://usn.ubuntu.com/5311-2/","reference_id":"USN-5311-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5311-2/"},{"reference_url":"https://usn.ubuntu.com/USN-5521-1/","reference_id":"USN-USN-5521-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5521-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583156?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582581?format=json","purl":"pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.4.13~ds1-1~deb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583157?format=json","purl":"pkg:deb/debian/containerd@1.6.1~ds1-1?distro=trixie","is_vulner
able":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.1~ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582583?format=json","purl":"pkg:deb/debian/containerd@1.6.20~ds1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xd4a-qav4-uqd1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.6.20~ds1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582584?format=json","purl":"pkg:deb/debian/containerd@1.7.24~ds1-6%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@1.7.24~ds1-6%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582585?format=json","purl":"pkg:deb/debian/containerd@2.1.4~ds2-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.4~ds2-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/921925?format=json","purl":"pkg:deb/debian/containerd@2.1.6%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}],"aliases":["CVE-2022-23648","GHSA-crp2-qrr5-8pq7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zedh-ff93-yka4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/containerd@2.1.6%252Bds1-1%3Fdistro=trixie"}