5.5
CVE-2026-47262
- EPSS 0.32%
- Veröffentlicht 01.07.2026 17:48:43
- Zuletzt bearbeitet 02.07.2026 19:40:45
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
containerd image-triggered runtime DoS via unbounded group parsing
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linuxfoundation ≫ Containerd Version >= 1.7.0 < 1.7.33
Linuxfoundation ≫ Containerd Version >= 2.0.0 < 2.0.10
Linuxfoundation ≫ Containerd Version >= 2.1.0 < 2.1.9
Linuxfoundation ≫ Containerd Version >= 2.2.0 < 2.2.5
Linuxfoundation ≫ Containerd Version >= 2.3.0 < 2.3.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.235 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq