Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-64329

Опубликовано: 07 нояб. 2025
Источник: debian

Описание

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
containerdfixed1.7.24~ds1-10package
containerdfixed1.7.24~ds1-6+deb13u1trixiepackage
containerdno-dsabookwormpackage

Примечания

  • https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2

  • https://github.com/containerd/containerd/commit/a0d0f0ef68935338d2c710db164fa7820f692530 (v2.2.0)

  • https://github.com/containerd/containerd/commit/c575d1b5f4011f33b32f71ace75367a92b08c750 (v1.7.29)

Связанные уязвимости

ubuntu логотип

CVE-2025-64329

CVSS3: 5.5
ubuntu
3 месяца назад

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

nvd логотип

CVE-2025-64329

CVSS3: 5.5
nvd
3 месяца назад

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.

msrc логотип

CVE-2025-64329

msrc
3 месяца назад

containerd CRI server: Host memory exhaustion through Attach goroutine leak

github логотип

GHSA-m6hq-p25p-ffr2

github
3 месяца назад

containerd CRI server: Host memory exhaustion through Attach goroutine leak

fstec логотип

BDU:2025-16113

CVSS3: 6.2
fstec
3 месяца назад

Уязвимость среды выполнения контейнеров containerd, связанная с отсутствием освобождения памяти после эффективного срока службы, позволяющая нарушителю вызвать отказ в обслуживании