vulnerability
Gentoo Linux: CVE-2023-25153: containerd: Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | Feb 16, 2023 | Aug 7, 2024 | Mar 31, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Feb 16, 2023
Added
Aug 7, 2024
Modified
Mar 31, 2026
Description
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
Solution
gentoo-linux-upgrade-app-containers-containerd
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.