VYPR
Moderate severity · NVD Advisory · Published Feb 16, 2023 · Updated Mar 10, 2025

containerd OCI image importer memory exhaustion

CVE-2023-25153

Description

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
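The defensive pattern the fix describes, bounding how many bytes an importer will buffer from a file inside an image archive, shown as an added Go example that is not containerd's code: readMetadataEntry and buildTar are hypothetical helpers, the size cap is an assumed value, and the tar input is constructed in memory.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

var ErrTooLarge = fmt.Errorf("image metadata entry exceeds size limit")

// readMetadataEntry finds a named entry (e.g. index.json) in an OCI layout tar stream and returns at most limit bytes of it.
func readMetadataEntry(tarStream io.Reader, name string, limit int64) ([]byte, error) {
	tr := tar.NewReader(tarStream)
	for {
		hdr, err := tr.Next()
		if err != nil { // io.EOF here means the entry was never found
			return nil, fmt.Errorf("entry %q not found: %w", name, err)
		}
		if hdr.Name != name {
			continue
		}
		// hdr.Size comes from the archive and is untrusted, so cap the actual read instead of trusting it.
		buf, err := io.ReadAll(io.LimitReader(tr, limit+1))
		if err != nil {
			return nil, err
		}
		if int64(len(buf)) > limit {
			return nil, ErrTooLarge
		}
		return buf, nil
	}
}

// buildTar builds an in-memory tar archive holding one file (constructed sample input).
func buildTar(name string, content []byte) []byte {
	var b bytes.Buffer
	tw := tar.NewWriter(&b)
	_ = tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(content))})
	_, _ = tw.Write(content)
	_ = tw.Close()
	return b.Bytes()
}

func main() {
	for _, content := range [][]byte{[]byte(`{"schemaVersion":2,"manifests":[]}`), bytes.Repeat([]byte("x"), 1<<20)} {
		data, err := readMetadataEntry(bytes.NewReader(buildTar("index.json", content)), "index.json", 64<<10)
		fmt.Println(len(data), err) // 34 <nil>, then 0 image metadata entry exceeds size limit
	}
}
```

Without the cap, the 1 MiB entry (or a much larger one) would be read into memory in full, which is the exhaustion path the advisory describes.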


Affected packages

Versions sourced from the GitHub Security Advisory.

Package                           Ecosystem   Affected versions     Patched versions
github.com/containerd/containerd  Go          < 1.5.18              1.5.18
github.com/containerd/containerd  Go          >= 1.6.0, < 1.6.18    1.6.18
