| id: GO-2023-1573 |
| modules: |
| - module: github.com/containerd/containerd |
| versions: |
| - fixed: 1.5.18 |
| - introduced: 1.6.0 |
| - fixed: 1.6.18 |
| vulnerable_at: 1.6.17 |
| packages: |
| - package: github.com/containerd/containerd/images/archive |
| symbols: |
| - onUntarJSON |
| - ImportIndex |
| summary: Memory exhaustion via OCI image importer in github.com/containerd/containerd |
| description: |- |
| When importing an OCI image, there was no limit on the number of bytes read from |
| the io.Reader passed into ImportIndex. A large number of bytes could be read |
| from this and could cause a denial of service. |
| cves: |
| - CVE-2023-25153 |
| ghsas: |
| - GHSA-259w-8hf6-59c2 |
| credits: |
| - '@AdamKorcz' |
| - '@DavidKorczynski' |
| references: |
| - advisory: https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2 |
| - fix: https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4 |
| - web: https://github.com/containerd/containerd/releases/tag/v1.5.18 |
| - web: https://github.com/containerd/containerd/releases/tag/v1.6.18 |
| review_status: REVIEWED |
