CVE-2023-25153

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-25153
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25153.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-25153
Aliases
Downstream
Related
Published
2023-02-16T14:09:08.519Z
Modified
2025-11-28T02:34:58.020629Z
Severity
  • 6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
containerd OCI image importer memory exhaustion
Details

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25153.json",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/containerd/containerd

Affected ranges

Type
GIT
Repo
https://github.com/containerd/containerd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
39bb06f98f17c7a226b10269d325c861585b2389
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.5.18"
        }
    ]
}
Type
GIT
Repo
https://github.com/containerd/containerd
Events
Introduced
39259a8f35919a0d02c9ecc2871ddd6ccf6a7c6e
Fixed
2456e983eb9e37e47538f59ea18f2043c9a73640
Database specific 
{
    "versions": [
        {
            "introduced": "1.6.0"
        },
        {
            "fixed": "1.6.18"
        }
    ]
}

Affected versions

0.*

0.0.2
0.0.3
0.0.4
0.0.5

v0.*

v0.1.0
v0.2.0
v0.2.3

v1.*

v1.0.0
v1.0.0-alpha0
v1.0.0-alpha1
v1.0.0-alpha2
v1.0.0-alpha3
v1.0.0-alpha4
v1.0.0-alpha5
v1.0.0-alpha6
v1.0.0-beta.0
v1.0.0-beta.1
v1.0.0-beta.2
v1.0.0-beta.3
v1.0.0-rc.0
v1.1.0
v1.1.0-rc.0
v1.1.0-rc.1
v1.1.0-rc.2
v1.2.0
v1.2.0-beta.0
v1.2.0-beta.1
v1.2.0-beta.2
v1.2.0-rc.0
v1.2.0-rc.1
v1.2.0-rc.2
v1.3.0
v1.3.0-beta.0
v1.3.0-beta.1
v1.3.0-beta.2
v1.3.0-rc.0
v1.3.0-rc.1
v1.3.0-rc.2
v1.3.0-rc.3
v1.4.0
v1.4.0-beta.0
v1.4.0-beta.1
v1.4.0-beta.2
v1.4.0-rc.0
v1.4.0-rc.1
v1.5.0
v1.5.0-beta.0
v1.5.0-beta.1
v1.5.0-beta.2
v1.5.0-beta.3
v1.5.0-beta.4
v1.5.0-rc.0
v1.5.0-rc.1
v1.5.0-rc.2
v1.5.0-rc.3
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.13
v1.6.14
v1.6.15
v1.6.16
v1.6.17
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9