← Zuruck zu CVEs
CVE-2023-25153
MEDIUM6.2
Beschreibung
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
CVE Details
CVSS v3.1 Bewertung6.2
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/16/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
linuxfoundation:containerd
Schwachen (CWE)
CWE-770CWE-770
Referenzen
https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4(security-advisories@github.com)
https://github.com/containerd/containerd/releases/tag/v1.5.18(security-advisories@github.com)
https://github.com/containerd/containerd/releases/tag/v1.6.18(security-advisories@github.com)
https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2(security-advisories@github.com)
https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containerd/containerd/releases/tag/v1.5.18(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containerd/containerd/releases/tag/v1.6.18(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.