Home > Vulnerability Database > CVE-2022-31030

Mend.io Vulnerability Database

CVE-2022-31030

Good to know:

Date: June 9, 2022

containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.

Language: Go

Severity Score

5.5

Related Resources (15)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31030

Url: https://github.com/containerd/containerd/commit/c1bcabb4541930f643aa36a2b38655e131346382

Url: https://security.alpinelinux.org/vuln/CVE-2022-31030

Url: https://github.com/advisories/GHSA-5ffw-gxpp-mxpf

Url: https://security.gentoo.org/glsa/202401-31

Url: http://www.openwall.com/lists/oss-security/2022/06/07/1

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-31030

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSIGDBHAB3I75JBJNGWEPBTJPS2FOVHD/

Url: https://security-tracker.debian.org/tracker/CVE-2022-31030

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REOZCUAPCA7NFDWYBDYX6EYXWLHABKBO/

Url: https://www.debian.org/security/2022/dsa-5162

Url: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf

Url: https://www.mend.io/vulnerability-database/CVE-2022-31030

Severity Score

5.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version v1.5.13,v1.6.6

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31030

Good to know:

Date: June 9, 2022

Language: Go

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?