Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
containerd OCI image importer memory exhaustion
Vulnerability Description
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
containerd 安全漏洞
Vulnerability Description
containerd是containerd开源的一个行业标准的容器运行时。 containerd 1.6.18之前的1.6.x版本和1.5.18之前的1.5.x版本存在安全漏洞,该漏洞源于某些文件的读取字节数没有限制,攻击者利用该漏洞可能会导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A