VYPR
Moderate severityNVD Advisory· Published Mar 17, 2025· Updated May 4, 2025

containerd has an integer overflow in User ID handling

CVE-2024-40635

Description

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/containerd/containerd/v2Go
< 2.0.42.0.4
github.com/containerd/containerdGo
>= 1.7.0-beta.0, < 1.7.271.7.27
github.com/containerd/containerdGo
< 1.6.381.6.38

Affected products

444

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.