vulnerability
Arch Linux: Denial of service (CVE-2022-31030)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | Jun 6, 2022 | Jul 11, 2025 | Nov 27, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
Jun 6, 2022
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API and cause containerd to consume all available memory on the computer
Solution
arch-linux-upgrade-latest
References
- CVE-2022-31030
- https://attackerkb.com/topics/CVE-2022-31030
- URL-http://www.openwall.com/lists/oss-security/2022/06/07/1
- URL-https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382
- URL-https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/
- URL-https://security.gentoo.org/glsa/202401-31
- URL-https://www.debian.org/security/2022/dsa-5162
- CWE-400
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.