PT-2023-1887 · Kubernetes Containerd

Adam Korczynski

Published 2023-02-16 · Updated 2024-09-10

CVE-2023-25153

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: containerd 1.6.17 and earlier (1.6 branch); containerd 1.5.17 and earlier (1.5 branch).
Description: When importing an OCI image (for example with `ctr images import`), containerd read certain metadata files from the image archive without limiting the number of bytes read. A maliciously crafted image containing an oversized file could therefore make the importing process consume memory without bound, resulting in a denial of service.
Recommendations: Update to containerd 1.6.18 or later on the 1.6 branch, or 1.5.18 or later on the 1.5 branch; `containerd --version` shows the running version. As a temporary workaround, import only trusted images and restrict image-import permissions to trusted users.
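The following Go program is an added illustration of the flaw class described above and of the bounded-read pattern that closes it; it is not containerd's code. It builds a small OCI-layout style tarball in memory (constructed input), then decodes its `index.json` two ways: an unbounded path that buffers the whole entry with `io.ReadAll`, and a bounded path that wraps the entry in `io.LimitReader` and rejects anything over a cap. `MaxJSONSize`, `ErrTooLarge`, the 1024-byte demo limit and the function names are assumptions chosen for the example.

```go
package main

import (
	"archive/tar"
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// MaxJSONSize caps how many bytes of a metadata file (index.json, manifests,
// config blobs) an importer should buffer. 4 MiB is an assumed value for this
// example, not necessarily the limit any particular runtime uses.
const MaxJSONSize int64 = 4 * 1024 * 1024

// ErrTooLarge is returned when a metadata entry exceeds the size limit.
var ErrTooLarge = errors.New("oci import: metadata file exceeds size limit")

// ociIndex is a minimal subset of the OCI image index schema.
type ociIndex struct {
	SchemaVersion int `json:"schemaVersion"`
	Manifests     []struct {
		MediaType string `json:"mediaType"`
		Digest    string `json:"digest"`
		Size      int64  `json:"size"`
	} `json:"manifests"`
}

// buildImageTar constructs an OCI-layout style tarball in memory whose
// index.json entry carries the supplied bytes (constructed test input).
func buildImageTar(indexJSON []byte) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	entries := []struct {
		name string
		body []byte
	}{
		{"oci-layout", []byte(`{"imageLayoutVersion":"1.0.0"}`)},
		{"index.json", indexJSON},
	}
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Mode: 0o644, Size: int64(len(e.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write(e.body); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// decodeUnbounded mirrors the flawed pattern: the whole entry is buffered
// before decoding, so the image author controls the allocation size.
func decodeUnbounded(r io.Reader, v interface{}) (int64, error) {
	data, err := io.ReadAll(r)
	if err != nil {
		return 0, err
	}
	return int64(len(data)), json.Unmarshal(data, v)
}

// decodeBounded reads at most limit+1 bytes; the extra byte distinguishes
// "exactly limit" from "more than limit" without buffering the remainder.
func decodeBounded(r io.Reader, limit int64, v interface{}) (int64, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return 0, err
	}
	if int64(len(data)) > limit {
		return int64(len(data)), ErrTooLarge
	}
	return int64(len(data)), json.Unmarshal(data, v)
}

// importIndex walks the tar stream, decodes index.json and reports how many
// index bytes were actually read into memory. bounded selects the hardened path.
func importIndex(tarball []byte, bounded bool, limit int64) (*ociIndex, int64, error) {
	tr := tar.NewReader(bytes.NewReader(tarball))
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil, 0, errors.New("oci import: index.json not found")
		}
		if err != nil {
			return nil, 0, err
		}
		if hdr.Name != "index.json" {
			continue
		}
		var idx ociIndex
		var n int64
		if bounded {
			n, err = decodeBounded(tr, limit, &idx)
		} else {
			n, err = decodeUnbounded(tr, &idx)
		}
		if err != nil {
			return nil, n, err
		}
		return &idx, n, nil
	}
}

// paddedIndex returns a syntactically valid index.json inflated with trailing
// whitespace to the requested total size: still valid JSON, so only a size
// check stops it. The digest is a placeholder.
func paddedIndex(total int) []byte {
	base := `{"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:0000000000000000000000000000000000000000000000000000000000000000","size":1}]}`
	if total < len(base) {
		return []byte(base)
	}
	return []byte(base + strings.Repeat(" ", total-len(base)))
}

func main() {
	const limit = 1024 // small cap so the demo stays cheap; MaxJSONSize is the realistic default
	cases := []struct {
		name string
		tb   []byte
	}{
		{"small", buildImageTar(paddedIndex(0))},
		{"huge", buildImageTar(paddedIndex(64 * 1024))},
	}
	for _, tc := range cases {
		_, n, err := importIndex(tc.tb, false, limit)
		fmt.Printf("unbounded %-5s read=%6d err=%v\n", tc.name, n, err)
		_, n, err = importIndex(tc.tb, true, limit)
		fmt.Printf("bounded   %-5s read=%6d err=%v\n", tc.name, n, err)
	}
}
```

The unbounded path happily reads and parses the 64 KiB padded index, and would do the same for a multi-gigabyte one; the bounded path stops after limit+1 bytes and fails closed with `ErrTooLarge`. The same wrapper belongs on every metadata file read during import, not only on `index.json`.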

Tags: Exploit, Fix, DoS, Incorrect Authorization, Allocation of Resources Without Limits, Resource Exhaustion, Improper Privilege Management

Related Identifiers

ALT-PU-2023-1480
ALT-PU-2023-5428
ALT-PU-2024-11153
ALT-PU-2024-12206
AZL-13571
AZL-13584
AZL-13674
AZL-35000
BDU:2023-01488
BDU:2023-01489
CVE-2023-25153
GHSA-259W-8HF6-59C2
GO-2023-1573
MGASA-2023-0245
OESA-2023-1147
OPENSUSE-SU-2024:12822-1
RHSA-2026:1536
SUSE-SU-2023:1826-1
SUSE-SU-2023:1827-1
SUSE-SU-2023_1826-1
SUSE-SU-2023_1827-1
USN-6202-1

Affected Products

Alt Linux
Astra Linux
Kubernetes Containerd
Linuxmint
Red Os
Suse
Ubuntu