Wheat2018

**Name of the Vulnerable Software and Affected Versions** containerd versions 1.7.28 and below containerd versions 2.0.0-beta.0 through 2.0.6 containerd versions 2.1.0-beta.0 through 2.1.4 containerd versions 2.2.0-beta.0 through 2.2.0-rc.1 **Description** containerd, an open-source container runtime, is affected by a bug in the CRI Attach implementation. This issue can lead to memory exhaustion on the host system due to goroutine leaks. The issue affects multiple versions of containerd. An admission controller can be used to control access to pods/attach resources as a workaround. **Recommendations** Update to containerd version 1.7.29 or later. Update to containerd version 2.0.7 or later. Update to containerd version 2.1.5 or later. Update to containerd version 2.2.0 or later. Set up an admission controller to control accesses to pods/attach resources.