containerd

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An open and reliable container runtime
Version 1.6.10-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2725 1.6.0-2 1.6.1-1 Unknown Unknown
Issue Group Severity Remote Type Description
CVE-2022-23648 AVG-2725 Unknown Unknown Information disclosure
containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2755 1.6.5-1 1.6.6-1 Unknown Fixed
AVG-2573 1.5.7-1 1.5.8-1 Medium Fixed
AVG-2439 1.5.6-1 1.5.7-1 Medium Fixed
AVG-2174 1.5.2-1 1.5.4-1 Medium Fixed
AVG-1650 1.4.3-1 1.4.4-1 Medium Fixed
AVG-1309 1.4.2-2 1.4.3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2022-31030 AVG-2755 Unknown No Denial of service
programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API and cause containerd to...
CVE-2021-41190 AVG-2573 Medium Yes Insufficient validation
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull...
CVE-2021-41103 AVG-2439 Medium No Directory traversal
A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged...
CVE-2021-32760 AVG-2174 Medium No Directory traversal
A bug was found in containerd version prior to 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission...
CVE-2021-21334 AVG-1650 Medium No Information disclosure
A security issue was found in containerd before version 1.3.10 and 1.4.x before 1.4.4. Containers launched through containerd's CRI implementation (through...
CVE-2020-15257 AVG-1309 High No Privilege escalation
In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API...

Advisories

Date Advisory Group Severity Type
27 Jul 2021 ASA-202107-70 AVG-2174 Medium directory traversal
05 Dec 2020 ASA-202012-8 AVG-1309 High privilege escalation