VYPR

Cri O

by Cri O

CVEs (13)

  • CVE-2025-0750 | Med | Jan 28, 2025
    risk 0.43 | cvss 6.6 | epss 0.00

    A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by…

  • CVE-2024-8676 | Hig | Nov 26, 2024
    risk 0.41 | cvss 7.4 | epss 0.01

    A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the…

  • CVE-2024-3154 | Hig | Apr 26, 2024
    risk 0.40 | cvss 7.2 | epss 0.01

    A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

  • CVE-2025-4437 | Med | Aug 20, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    There's a vulnerability in the CRI-O application where, when a container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it…

  • CVE-2022-0811 | Mar 16, 2022
    risk 0.02 | cvss - | epss 0.19

    A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the…

  • CVE-2024-9676 | Oct 15, 2024
    risk 0.00 | cvss - | epss 0.01

    A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned…

  • CVE-2024-5154 | Jun 12, 2024
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../”). This flaw allows the container to read and write to arbitrary files on the host system.

  • CVE-2022-3466 | Sep 15, 2023
    risk 0.00 | cvss - | epss 0.00

    The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in…

  • CVE-2022-1708 | Jun 7, 2022
    risk 0.00 | cvss - | epss 0.03

    A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and…

  • CVE-2022-0532 | Feb 9, 2022
    risk 0.00 | cvss - | epss 0.01

    An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.

  • CVE-2019-14819 | Jan 7, 2020
    risk 0.00 | cvss - | epss 0.01

    A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges…

  • CVE-2019-14891 | Nov 25, 2019
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could…

  • CVE-2018-1000400 | Hig | May 18, 2018
    risk 0.00 | cvss 8.8 | epss 0.02

    Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. This attack appears…