{"api_version":"1","generated_at":"2026-04-23T00:42:10+00:00","cve":"CVE-2023-25153","urls":{"html":"https://cve.report/CVE-2023-25153","api":"https://cve.report/api/cve/CVE-2023-25153.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25153","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25153"},"summary":{"title":"CVE-2023-25153","description":"containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-02-16 15:15:00","updated_at":"2023-11-07 04:08:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2","name":"https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2","refsource":"MISC","tags":[],"title":"OCI image importer memory exhaustion · Advisory · containerd/containerd · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/containerd/containerd/releases/tag/v1.6.18","name":"https://github.com/containerd/containerd/releases/tag/v1.6.18","refsource":"MISC","tags":[],"title":"Release containerd 1.6.18 · containerd/containerd · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4","name":"https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4","refsource":"MISC","tags":[],"title":"Merge pull request from GHSA-259w-8hf6-59c2 · containerd/containerd@0c31490 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/containerd/containerd/releases/tag/v1.5.18","name":"https://github.com/containerd/containerd/releases/tag/v1.5.18","refsource":"MISC","tags":[],"title":"Release containerd 1.5.18 · containerd/containerd · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25153","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25153","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"25153","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"linuxfoundation","cpe5":"containerd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-25153","qid":"181860","title":"Debian Security Update for containerd (CVE-2023-25153)"},{"cve":"CVE-2023-25153","qid":"199448","title":"Ubuntu Security Notification for containerd Vulnerabilities (USN-6202-1)"},{"cve":"CVE-2023-25153","qid":"283789","title":"Fedora Security Update for stargz (FEDORA-2023-ee472c698c)"},{"cve":"CVE-2023-25153","qid":"283793","title":"Fedora Security Update for containerd (FEDORA-2023-aadd08ab96)"},{"cve":"CVE-2023-25153","qid":"283794","title":"Fedora Security Update for containerd (FEDORA-2023-05b39bc048)"},{"cve":"CVE-2023-25153","qid":"284254","title":"Fedora Security Update for stargz (FEDORA-2023-62ce942e75)"},{"cve":"CVE-2023-25153","qid":"284257","title":"Fedora Security Update for containerd (FEDORA-2023-cd000ea847)"},{"cve":"CVE-2023-25153","qid":"354880","title":"Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2023-023"},{"cve":"CVE-2023-25153","qid":"354881","title":"Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2023-023"},{"cve":"CVE-2023-25153","qid":"355215","title":"Amazon Linux Security Advisory for containerd : ALAS2023-2023-156"},{"cve":"CVE-2023-25153","qid":"355315","title":"Amazon Linux Security Advisory for containerd : ALAS2ECS-2023-002"},{"cve":"CVE-2023-25153","qid":"357051","title":"Amazon Linux Security Advisory for containerd : ALAS2DOCKER-2024-035"},{"cve":"CVE-2023-25153","qid":"357058","title":"Amazon Linux Security Advisory for containerd : ALAS2NITRO-ENCLAVES-2024-035"},{"cve":"CVE-2023-25153","qid":"502839","title":"Alpine Linux Security Update for containerd"},{"cve":"CVE-2023-25153","qid":"6140059","title":"AWS Bottlerocket Security Update for containerd (GHSA-pp3v-5483-gc93)"},{"cve":"CVE-2023-25153","qid":"672859","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2023-1591)"},{"cve":"CVE-2023-25153","qid":"672969","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2023-1837)"},{"cve":"CVE-2023-25153","qid":"672971","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2023-1864)"},{"cve":"CVE-2023-25153","qid":"673024","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2023-1971)"},{"cve":"CVE-2023-25153","qid":"673027","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2023-1949)"},{"cve":"CVE-2023-25153","qid":"673082","title":"EulerOS Security Update for docker-engine (EulerOS-SA-2023-2142)"},{"cve":"CVE-2023-25153","qid":"673137","title":"EulerOS Security Update for containerd (EulerOS-SA-2023-2285)"},{"cve":"CVE-2023-25153","qid":"673146","title":"EulerOS Security Update for containerd (EulerOS-SA-2023-2261)"},{"cve":"CVE-2023-25153","qid":"905563","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-engine (13584)"},{"cve":"CVE-2023-25153","qid":"905566","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for k3s (13571)"},{"cve":"CVE-2023-25153","qid":"905573","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (13608)"},{"cve":"CVE-2023-25153","qid":"905615","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (13674)"},{"cve":"CVE-2023-25153","qid":"906544","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (13608-1)"},{"cve":"CVE-2023-25153","qid":"906558","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (13608-3)"},{"cve":"CVE-2023-25153","qid":"906620","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-engine (13584-3)"},{"cve":"CVE-2023-25153","qid":"906664","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (13674-3)"},{"cve":"CVE-2023-25153","qid":"906802","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (13608-5)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-25153","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-770: Allocation of Resources Without Limits or Throttling","cweId":"CWE-770"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"containerd","product":{"product_data":[{"product_name":"containerd","version":{"version_data":[{"version_affected":"=","version_value":"< 1.5.18"},{"version_affected":"=","version_value":">= 1.6.0, < 1.6.18"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2","refsource":"MISC","name":"https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2"},{"url":"https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4","refsource":"MISC","name":"https://github.com/containerd/containerd/commit/0c314901076a74a7b797a545d2f462285fdbb8c4"},{"url":"https://github.com/containerd/containerd/releases/tag/v1.5.18","refsource":"MISC","name":"https://github.com/containerd/containerd/releases/tag/v1.5.18"},{"url":"https://github.com/containerd/containerd/releases/tag/v1.6.18","refsource":"MISC","name":"https://github.com/containerd/containerd/releases/tag/v1.6.18"}]},"source":{"advisory":"GHSA-259w-8hf6-59c2","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.2,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-02-16 15:15:00","lastModifiedDate":"2023-11-07 04:08:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.18","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndExcluding":"1.6.18","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}