6.9
CVE-2025-64329
- EPSS 0.02%
- Published 07.11.2025 04:15:09
- Last modified 31.12.2025 18:34:48
- Source security-advisories@github.com
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To work around this vulnerability, users can set up an admission controller to control access to pods/attach resources.
Data provided by the National Vulnerability Database (NVD)
Linuxfoundation ≫ Containerd Version < 1.7.29
Linuxfoundation ≫ Containerd Version >= 2.0.0 < 2.0.7
Linuxfoundation ≫ Containerd Version >= 2.1.0 < 2.1.5
Linuxfoundation ≫ Containerd Version 2.2.0 Update beta0
Linuxfoundation ≫ Containerd Version 2.2.0 Update beta1
Linuxfoundation ≫ Containerd Version 2.2.0 Update beta2
Linuxfoundation ≫ Containerd Version 2.2.0 Update rc0
Linuxfoundation ≫ Containerd Version 2.2.0 Update rc1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.041 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| security-advisories@github.com | 6.9 | 0 | 0 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.