DEBIAN-CVE-2023-25153
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 16 Feb 2023, 15:15
Last modified:28 Apr 2026, 20:25
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.5 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
16 Feb 2023, 15:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:25
Last Modified
Vulnerability information updated
Description
containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Systems
- debian•containerd
< 1.4.13~ds1-1~deb11u4 | < 1.6.18~ds1-1 | < 1.6.18~ds1-1 | < 1.6.18~ds1-1