VYPR

apk package

chainguard/redpanda-operator-25.1

pkg:apk/chainguard/redpanda-operator-25.1

Vulnerabilities (4)

  • CVE-2026-53488higJun 19, 2026
    affected < 25.1.4-r7fixed 25.1.4-r7

    ### Impact A bug was found in containerd where the CRI plugin propagates labels from an image config (`LABEL` instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels f

  • CVE-2026-47262Jun 19, 2026
    affected < 25.1.4-r7fixed 25.1.4-r7

    ### Impact A vulnerability in containerd allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the contai

  • CVE-2026-46680higMay 21, 2026
    affected < 25.1.4-r3fixed 25.1.4-r3

    ### Impact A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username. If a crafted image provides an `/etc/passwd` file mapping this large numeric string to root, the con

  • CVE-2026-33814HigMay 7, 2026
    affected < 25.1.4-r2fixed 25.1.4-r2

    When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.