Linuxfoundation

Containerd

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.25%
  • Veröffentlicht 01.07.2026 18:10:41
  • Zuletzt bearbeitet 02.07.2026 19:33:12

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary ...

  • EPSS 0.48%
  • Veröffentlicht 01.07.2026 17:59:12
  • Zuletzt bearbeitet 02.07.2026 19:33:00

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container resto...

  • EPSS 0.32%
  • Veröffentlicht 01.07.2026 17:50:53
  • Zuletzt bearbeitet 02.07.2026 19:43:59

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration....

  • EPSS 0.46%
  • Veröffentlicht 01.07.2026 17:48:43
  • Zuletzt bearbeitet 02.07.2026 19:40:45

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from thi...

  • EPSS 0.22%
  • Veröffentlicht 01.07.2026 17:40:25
  • Zuletzt bearbeitet 03.07.2026 04:17:53

containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNo...

  • EPSS 0.23%
  • Veröffentlicht 01.07.2026 00:11:20
  • Zuletzt bearbeitet 03.07.2026 04:17:55

containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in...

  • EPSS 0.16%
  • Veröffentlicht 07.11.2025 04:15:09
  • Zuletzt bearbeitet 31.12.2025 18:34:48

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on t...

  • EPSS 0.16%
  • Veröffentlicht 06.11.2025 18:36:21
  • Zuletzt bearbeitet 31.12.2025 02:29:30

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib...

  • EPSS 0.24%
  • Veröffentlicht 21.05.2025 17:26:31
  • Zuletzt bearbeitet 19.09.2025 17:25:42

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarch...

  • EPSS 0.44%
  • Veröffentlicht 20.05.2025 18:25:51
  • Zuletzt bearbeitet 19.09.2025 17:28:20

containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. ...