Eriksjolund

**Name of the Vulnerable Software and Affected Versions** crun versions prior to 1.20 **Description** Crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. **Recommendations** To resolve the issue, update to crun version 1.20 or later, as the problem is fixed in this version. There are no known workarounds for this vulnerability. As a temporary workaround, consider restricting the use of the krun handler until a patch is available. Avoid using malicious container images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** cri-o versions prior to 1.30.1 cri-o versions prior to 1.29.5 cri-o versions prior to 1.28.7 **Description** A flaw was found in cri-o, allowing a malicious container to create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw enables the container to read and write to arbitrary files on the host system. A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host. **Recommendations** For cri-o versions prior to 1.30.1, update to version 1.30.1 or later. For cri-o versions prior to 1.29.5, update to version 1.29.5 or later. For cri-o versions prior to 1.28.7, update to version 1.28.7 or later. As a temporary workaround, consider restricting the use of the vulnerable container functionality until a patch is available.