Search CVE reports


1 – 10 of 19 results


CVE-2024-45338

Medium priority
Needs evaluation

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

7 affected packages

adsys, containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
adsys Needs evaluation Needs evaluation Needs evaluation
containerd Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-golang-x-net Needs evaluation Needs evaluation Not in release
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
juju-core Not in release Not in release Not in release Needs evaluation
lxd Not in release Not in release Needs evaluation Needs evaluation Needs evaluation

CVE-2023-3978

Medium priority
Needs evaluation

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

4 affected packages

containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
| golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2022-41725

Medium priority

Some fixes available 6 of 19

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Ignored |
| golang-1.20 | Not in release | Not affected | Not affected | Not in release | Ignored |
| golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |

CVE-2022-41723

Medium priority

Some fixes available 10 of 29

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

16 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| golang-1.16 | Not in release | Not in release | Vulnerable | Vulnerable | Not in release |
| golang-1.17 | Not in release | Fixed | Not in release | Not in release | Not in release |
| golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not affected | Not affected | Not in release | Not in release |
| golang-1.21 | Not affected | Not affected | Not affected | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release | Ignored |
| google-guest-agent | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |

CVE-2023-25173

Medium priority
Fixed

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a...

1 affected package

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed

CVE-2023-25153

Medium priority
Fixed

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where...

1 affected package

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed

CVE-2022-23471

Medium priority

Some fixes available 4 of 5

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if...

1 affected package

containerd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Fixed | Fixed | Fixed | Vulnerable |

CVE-2022-27664

Medium priority

Some fixes available 15 of 32

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

14 affected packages

containerd, golang, golang-1.10, golang-1.13, golang-1.14...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Not affected Not affected Not affected Not affected Not affected
golang Not in release Not in release Not in release Ignored
golang-1.10 Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.14 Not in release Vulnerable Not in release Ignored
golang-1.16 Not in release Fixed Fixed Ignored
golang-1.17 Vulnerable Not in release Not in release Ignored
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Vulnerable Ignored
golang-1.9 Not in release Not in release Vulnerable Ignored
golang-golang-x-net Not affected Vulnerable Not in release Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Fixed Fixed Fixed Needs evaluation Needs evaluation

CVE-2022-31030

Medium priority

Some fixes available 5 of 6

containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the...

1 affected package

containerd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
containerd Fixed Fixed Fixed Fixed

CVE-2022-24778

Medium priority

Some fixes available 3 of 5

The imgcrypt library provides API extensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function...

1 affected package

containerd

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Fixed | Fixed | Fixed | Vulnerable |