csaf_suse - suse-su-2023:1827-1

Vulnerability from csaf_suse

Published

2023-04-13 08:18

Modified

2023-04-13 08:18

Summary

Security update for containerd

Notes

Title of the patch

Security update for containerd

Description of the patch

This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).

Patchnames

SUSE-2023-1827,SUSE-SLE-Micro-5.3-2023-1827,SUSE-SLE-Micro-5.4-2023-1827,SUSE-SLE-Module-Containers-15-SP4-2023-1827,SUSE-SUSE-MicroOS-5.1-2023-1827,SUSE-SUSE-MicroOS-5.2-2023-1827,openSUSE-Leap-Micro-5.3-2023-1827,openSUSE-SLE-15.4-2023-1827

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for containerd",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for containerd fixes the following issues:\n\nUpdate to containerd v1.6.19:\n\nSecurity fixes:\n    \n- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).\n- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2023-1827,SUSE-SLE-Micro-5.3-2023-1827,SUSE-SLE-Micro-5.4-2023-1827,SUSE-SLE-Module-Containers-15-SP4-2023-1827,SUSE-SUSE-MicroOS-5.1-2023-1827,SUSE-SUSE-MicroOS-5.2-2023-1827,openSUSE-Leap-Micro-5.3-2023-1827,openSUSE-SLE-15.4-2023-1827",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1827-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2023:1827-1",
            url: "https://www.suse.com/support/update/announcement/2023/suse-su-20231827-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2023:1827-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2023-May/014726.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1208423",
            url: "https://bugzilla.suse.com/1208423",
         },
         {
            category: "self",
            summary: "SUSE Bug 1208426",
            url: "https://bugzilla.suse.com/1208426",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-25153 page",
            url: "https://www.suse.com/security/cve/CVE-2023-25153/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-25173 page",
            url: "https://www.suse.com/security/cve/CVE-2023-25173/",
         },
      ],
      title: "Security update for containerd",
      tracking: {
         current_release_date: "2023-04-13T08:18:28Z",
         generator: {
            date: "2023-04-13T08:18:28Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2023:1827-1",
         initial_release_date: "2023-04-13T08:18:28Z",
         revision_history: [
            {
               date: "2023-04-13T08:18:28Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "containerd-1.6.19-150000.87.1.aarch64",
                        product: {
                           name: "containerd-1.6.19-150000.87.1.aarch64",
                           product_id: "containerd-1.6.19-150000.87.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-ctr-1.6.19-150000.87.1.aarch64",
                        product: {
                           name: "containerd-ctr-1.6.19-150000.87.1.aarch64",
                           product_id: "containerd-ctr-1.6.19-150000.87.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-devel-1.6.19-150000.87.1.aarch64",
                        product: {
                           name: "containerd-devel-1.6.19-150000.87.1.aarch64",
                           product_id: "containerd-devel-1.6.19-150000.87.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "containerd-1.6.19-150000.87.1.i586",
                        product: {
                           name: "containerd-1.6.19-150000.87.1.i586",
                           product_id: "containerd-1.6.19-150000.87.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-ctr-1.6.19-150000.87.1.i586",
                        product: {
                           name: "containerd-ctr-1.6.19-150000.87.1.i586",
                           product_id: "containerd-ctr-1.6.19-150000.87.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-devel-1.6.19-150000.87.1.i586",
                        product: {
                           name: "containerd-devel-1.6.19-150000.87.1.i586",
                           product_id: "containerd-devel-1.6.19-150000.87.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "containerd-1.6.19-150000.87.1.ppc64le",
                        product: {
                           name: "containerd-1.6.19-150000.87.1.ppc64le",
                           product_id: "containerd-1.6.19-150000.87.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-ctr-1.6.19-150000.87.1.ppc64le",
                        product: {
                           name: "containerd-ctr-1.6.19-150000.87.1.ppc64le",
                           product_id: "containerd-ctr-1.6.19-150000.87.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-devel-1.6.19-150000.87.1.ppc64le",
                        product: {
                           name: "containerd-devel-1.6.19-150000.87.1.ppc64le",
                           product_id: "containerd-devel-1.6.19-150000.87.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "containerd-1.6.19-150000.87.1.s390x",
                        product: {
                           name: "containerd-1.6.19-150000.87.1.s390x",
                           product_id: "containerd-1.6.19-150000.87.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-ctr-1.6.19-150000.87.1.s390x",
                        product: {
                           name: "containerd-ctr-1.6.19-150000.87.1.s390x",
                           product_id: "containerd-ctr-1.6.19-150000.87.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-devel-1.6.19-150000.87.1.s390x",
                        product: {
                           name: "containerd-devel-1.6.19-150000.87.1.s390x",
                           product_id: "containerd-devel-1.6.19-150000.87.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "containerd-1.6.19-150000.87.1.x86_64",
                        product: {
                           name: "containerd-1.6.19-150000.87.1.x86_64",
                           product_id: "containerd-1.6.19-150000.87.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-ctr-1.6.19-150000.87.1.x86_64",
                        product: {
                           name: "containerd-ctr-1.6.19-150000.87.1.x86_64",
                           product_id: "containerd-ctr-1.6.19-150000.87.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "containerd-devel-1.6.19-150000.87.1.x86_64",
                        product: {
                           name: "containerd-devel-1.6.19-150000.87.1.x86_64",
                           product_id: "containerd-devel-1.6.19-150000.87.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Micro 5.3",
                        product: {
                           name: "SUSE Linux Enterprise Micro 5.3",
                           product_id: "SUSE Linux Enterprise Micro 5.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-micro:5.3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Micro 5.4",
                        product: {
                           name: "SUSE Linux Enterprise Micro 5.4",
                           product_id: "SUSE Linux Enterprise Micro 5.4",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-micro:5.4",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Containers 15 SP4",
                        product: {
                           name: "SUSE Linux Enterprise Module for Containers 15 SP4",
                           product_id: "SUSE Linux Enterprise Module for Containers 15 SP4",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-containers:15:sp4",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Micro 5.1",
                        product: {
                           name: "SUSE Linux Enterprise Micro 5.1",
                           product_id: "SUSE Linux Enterprise Micro 5.1",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:suse-microos:5.1",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Micro 5.2",
                        product: {
                           name: "SUSE Linux Enterprise Micro 5.2",
                           product_id: "SUSE Linux Enterprise Micro 5.2",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:suse-microos:5.2",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap Micro 5.3",
                        product: {
                           name: "openSUSE Leap Micro 5.3",
                           product_id: "openSUSE Leap Micro 5.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap-micro:5.3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.4",
                        product: {
                           name: "openSUSE Leap 15.4",
                           product_id: "openSUSE Leap 15.4",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.4",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
               product_id: "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
               product_id: "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
               product_id: "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
               product_id: "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
               product_id: "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
               product_id: "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
            },
            product_reference: "containerd-1.6.19-150000.87.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-devel-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-devel-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-devel-1.6.19-150000.87.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
            },
            product_reference: "containerd-devel-1.6.19-150000.87.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-devel-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-devel-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-devel-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
               product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-devel-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
               product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
               product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
               product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
               product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
               product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
               product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of openSUSE Leap Micro 5.3",
               product_id: "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "openSUSE Leap Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of openSUSE Leap Micro 5.3",
               product_id: "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "openSUSE Leap Micro 5.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.aarch64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.ppc64le as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
            },
            product_reference: "containerd-1.6.19-150000.87.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.s390x as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-1.6.19-150000.87.1.x86_64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.aarch64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.ppc64le as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.s390x as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "containerd-ctr-1.6.19-150000.87.1.x86_64 as component of openSUSE Leap 15.4",
               product_id: "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
            },
            product_reference: "containerd-ctr-1.6.19-150000.87.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.4",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-25153",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-25153",
            },
         ],
         notes: [
            {
               category: "general",
               text: "containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
               "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
               "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-25153",
               url: "https://www.suse.com/security/cve/CVE-2023-25153",
            },
            {
               category: "external",
               summary: "SUSE Bug 1208423 for CVE-2023-25153",
               url: "https://bugzilla.suse.com/1208423",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-04-13T08:18:28Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-25153",
      },
      {
         cve: "CVE-2023-25173",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-25173",
            },
         ],
         notes: [
            {
               category: "general",
               text: "containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.\n\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
               "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
               "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
               "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
               "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
               "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-25173",
               url: "https://www.suse.com/security/cve/CVE-2023-25173",
            },
            {
               category: "external",
               summary: "SUSE Bug 1208426 for CVE-2023-25173",
               url: "https://bugzilla.suse.com/1208426",
            },
            {
               category: "external",
               summary: "SUSE Bug 1215588 for CVE-2023-25173",
               url: "https://bugzilla.suse.com/1215588",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.1:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.2:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Micro 5.4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.aarch64",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.ppc64le",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.s390x",
                  "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-devel-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.ppc64le",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.s390x",
                  "openSUSE Leap 15.4:containerd-ctr-1.6.19-150000.87.1.x86_64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.aarch64",
                  "openSUSE Leap Micro 5.3:containerd-1.6.19-150000.87.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-04-13T08:18:28Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-25173",
      },
   ],
}

CVE-2023-25173 (GCVE-0-2023-25173)

Vulnerability from cvelistv5

Published

2023-02-16 14:09

Modified

2025-03-10 21:10

Severity ?

5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.

References

▼	URL	Tags
	https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p	x_refsource_CONFIRM
	https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4	x_refsource_MISC
	https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a	x_refsource_MISC
	https://github.com/advisories/GHSA-4wjj-jwc9-2x96	x_refsource_MISC
	https://github.com/advisories/GHSA-fjm8-m7m6-2fjp	x_refsource_MISC
	https://github.com/advisories/GHSA-phjr-8j92-w5v7	x_refsource_MISC
	https://github.com/containerd/containerd/releases/tag/v1.5.18	x_refsource_MISC
	https://github.com/containerd/containerd/releases/tag/v1.6.18	x_refsource_MISC
	https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/

Impacted products

	Vendor	Product	Version
	containerd	containerd	Version: < 1.5.18 Version: >= 1.6.0, < 1.6.18

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:18:35.671Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p",
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p",
               },
               {
                  name: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4",
               },
               {
                  name: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a",
               },
               {
                  name: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96",
               },
               {
                  name: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp",
               },
               {
                  name: "https://github.com/advisories/GHSA-phjr-8j92-w5v7",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-phjr-8j92-w5v7",
               },
               {
                  name: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
               },
               {
                  name: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
               },
               {
                  name: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-25173",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-10T21:00:44.060345Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-10T21:10:38.648Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "containerd",
               vendor: "containerd",
               versions: [
                  {
                     status: "affected",
                     version: "< 1.5.18",
                  },
                  {
                     status: "affected",
                     version: ">= 1.6.0, < 1.6.18",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.\n\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-863",
                     description: "CWE-863: Incorrect Authorization",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-15T20:06:31.329Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p",
            },
            {
               name: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4",
            },
            {
               name: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/containerd/containerd/commit/133f6bb6cd827ce35a5fb279c1ead12b9d21460a",
            },
            {
               name: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/advisories/GHSA-4wjj-jwc9-2x96",
            },
            {
               name: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/advisories/GHSA-fjm8-m7m6-2fjp",
            },
            {
               name: "https://github.com/advisories/GHSA-phjr-8j92-w5v7",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/advisories/GHSA-phjr-8j92-w5v7",
            },
            {
               name: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
            },
            {
               name: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
            },
            {
               name: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
            },
            {
               url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
            },
         ],
         source: {
            advisory: "GHSA-hmfx-3pcx-653p",
            discovery: "UNKNOWN",
         },
         title: "containerd supplementary groups are not set up properly",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2023-25173",
      datePublished: "2023-02-16T14:09:12.073Z",
      dateReserved: "2023-02-03T16:59:18.247Z",
      dateUpdated: "2025-03-10T21:10:38.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-25153 (GCVE-0-2023-25153)

Vulnerability from cvelistv5

Published

2023-02-16 14:09

Modified

2025-03-10 21:10

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.

References

▼	URL	Tags
	https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2	x_refsource_CONFIRM
	https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4	x_refsource_MISC
	https://github.com/containerd/containerd/releases/tag/v1.5.18	x_refsource_MISC
	https://github.com/containerd/containerd/releases/tag/v1.6.18	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	containerd	containerd	Version: < 1.5.18 Version: >= 1.6.0, < 1.6.18

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T11:18:35.221Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2",
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2",
               },
               {
                  name: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4",
               },
               {
                  name: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
               },
               {
                  name: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-25153",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-10T20:57:30.825093Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-10T21:10:44.159Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "containerd",
               vendor: "containerd",
               versions: [
                  {
                     status: "affected",
                     version: "< 1.5.18",
                  },
                  {
                     status: "affected",
                     version: ">= 1.6.0, < 1.6.18",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18.  Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "CWE-770: Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-02-16T14:09:08.519Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2",
            },
            {
               name: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4",
            },
            {
               name: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/containerd/containerd/releases/tag/v1.5.18",
            },
            {
               name: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/containerd/containerd/releases/tag/v1.6.18",
            },
         ],
         source: {
            advisory: "GHSA-259w-8hf6-59c2",
            discovery: "UNKNOWN",
         },
         title: "containerd OCI image importer memory exhaustion",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2023-25153",
      datePublished: "2023-02-16T14:09:08.519Z",
      dateReserved: "2023-02-03T16:59:18.242Z",
      dateUpdated: "2025-03-10T21:10:44.159Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

CVE-2023-25173 (GCVE-0-2023-25173)

Vulnerability from cvelistv5

CVE-2023-25153 (GCVE-0-2023-25153)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature