Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
containerd has an integer overflow in User ID handling
Vulnerability Description
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
containerd 输入验证错误漏洞
Vulnerability Description
containerd是containerd开源的一个行业标准的容器运行时。 containerd 1.6.38之前版本、1.7.27之前版本和2.0.4之前版本存在输入验证错误漏洞,该漏洞源于UID:GID超过最大32位有符号整数时可能导致溢出。
CVSS Information
N/A
Vulnerability Type
N/A