CVE-2024-40635
containerd has an integer overflow in User ID handling
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
Containerd es un entorno de ejecución de contenedores de código abierto. Se detectó un error en containerd anterior a las versiones 1.6.38, 1.7.27 y 2.0.4. Al iniciar contenedores con un usuario definido como `UID:GID` mayor que el entero con signo de 32 bits máximo, se podía producir un desbordamiento, lo que provocaba que el contenedor se ejecutara como root (UID 0). Esto podía causar un comportamiento inesperado en entornos que requieren que los contenedores se ejecuten como un usuario no root. Este error se ha corregido en containerd 1.6.38, 1.7.27 y 2.04. Como workaround, asegúrese de que solo se utilicen imágenes de confianza y de que solo los usuarios de confianza tengan permisos para importar imágenes.
Benjamin Koltermann discovered that containerd incorrectly handled large user id values. This could result in containers possibly being run as root, contrary to expectations.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-08 CVE Reserved
- 2025-03-17 CVE Published
- 2025-03-18 CVE Updated
- 2025-03-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da | X_refsource_misc | |
| https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20 | X_refsource_misc | |
| https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a | X_refsource_misc | |
| https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Containerd Search vendor "Containerd" | Containerd Search vendor "Containerd" for product "Containerd" | < 1.6.38 Search vendor "Containerd" for product "Containerd" and version " < 1.6.38" | en |
Affected
| ||||||
| Containerd Search vendor "Containerd" | Containerd Search vendor "Containerd" for product "Containerd" | >= 1.7.0 < 1.7.27 Search vendor "Containerd" for product "Containerd" and version " >= 1.7.0 < 1.7.27" | en |
Affected
| ||||||
| Containerd Search vendor "Containerd" | Containerd Search vendor "Containerd" for product "Containerd" | >= 2.0.0 < 2.0.4 Search vendor "Containerd" for product "Containerd" and version " >= 2.0.0 < 2.0.4" | en |
Affected
| ||||||