CVE-2023-25153 MEDIUM

CVE-2023-25153: containerd OCI image importer memory exhaustion

Vendor Containerd
Product containerd
Weakness CWE-770 · Uncontrolled resource consumption
Published February 16, 2023
Last update March 10, 2025

CVSS base score

6.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
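The bug class described above, as an added Go example that is not containerd's own code: a tar entry (the format OCI image archives use) read with no size cap beside a bounded reader that rejects oversized entries before they are buffered. The in-memory archive, the file name and the 1 KiB limit are constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var ErrTooLarge = errors.New("archive entry exceeds size limit")

// The weak pattern is plain io.ReadAll(tr), which reads until EOF and buffers a
// crafted multi-gigabyte entry in full. Reading limit+1 bytes instead accepts an
// entry exactly at the limit and rejects a larger one without buffering it.
func readEntryBounded(tr *tar.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(tr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, ErrTooLarge
	}
	return buf, nil
}

// buildArchive returns a constructed in-memory tar with one file of the given
// size, standing in for an image tarball received from an untrusted source.
func buildArchive(name string, size int) []byte {
	var out bytes.Buffer
	tw := tar.NewWriter(&out)
	_ = tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(size)})
	_, _ = tw.Write(bytes.Repeat([]byte("A"), size))
	_ = tw.Close()
	return out.Bytes()
}

// FirstEntryBounded opens the archive and reads its first entry under the limit.
func FirstEntryBounded(archive []byte, limit int64) ([]byte, error) {
	tr := tar.NewReader(bytes.NewReader(archive))
	if _, err := tr.Next(); err != nil {
		return nil, err
	}
	return readEntryBounded(tr, limit)
}

func main() {
	_, err := FirstEntryBounded(buildArchive("index.json", 4096), 1024)
	fmt.Println("oversized entry rejected:", errors.Is(err, ErrTooLarge))
}
```

The same cap must be applied to every file the importer reads into memory (manifests, index and config blobs), not only the one that happens to be checked first.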

Key dates

Disclosure timeline

February 16, 2023 CVE published
March 10, 2025 Record updated