CVE-2025-64329

{"id": "CVE-2025-64329", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-11-07T05:16:08.017", "references": [{"url": "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources."}, {"lang": "es", "value": "containerd es un tiempo de ejecuci\u00f3n de contenedores de c\u00f3digo abierto. Las versiones 1.7.28 e inferiores, 2.0.0-beta.0 hasta 2.0.6, 2.1.0-beta.0 hasta 2.1.4, y 2.2.0-beta.0 hasta 2.2.0-rc.1 contienen un error en la implementaci\u00f3n de CRI Attach donde un usuario puede agotar la memoria en el host debido a fugas de goroutines. Este problema est\u00e1 solucionado en las versiones 1.7.29, 2.0.7, 2.1.5 y 2.2.0. Como soluci\u00f3n alternativa a esta vulnerabilidad, los usuarios pueden configurar un controlador de admisi\u00f3n para controlar los accesos a los recursos pods/attach."}], "lastModified": "2025-12-31T18:34:48.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD786582-F4AE-41DD-B61F-BD8AF4FC1A04", "versionEndExcluding": "1.7.29"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07087EDC-9E6A-45D1-B6D2-E7F4016CD46E", "versionEndExcluding": "2.0.7", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E760B42-E25C-4780-85AE-D003D6425700", "versionEndExcluding": "2.1.5", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEF71FE5-2286-4D94-82DD-7509CE85F1F6"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3290FD7B-0A16-4968-9800-78B947EF213D"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:2.2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4352A29-4DFC-4EBE-BE0E-97DEB76E5A30"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57685264-6950-4CB9-ACBE-6944EB3B2C1C"}, {"criteria": "cpe:2.3:a:linuxfoundation:containerd:2.2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D640701-1D0B-41B7-83B0-79592902E6AC"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}