Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-8473-1
Vulnerability from osv_ubuntu
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. (CVE-2026-33814)
Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handled group parsing when creating containers from images. An attacker could possibly use this issue to cause containerd to consume excessive memory, resulting in a denial of service. (CVE-2026-47262)
Henry Beberman and Robert Prast discovered that containerd incorrectly validated image references when importing container checkpoints. An attacker could possibly use this issue to poison the local image cache and execute arbitrary code in other pods. (CVE-2026-50195)
Robert Prast discovered that containerd incorrectly propagated labels from image configurations to containers. An attacker could possibly use this issue to execute arbitrary code on the host. (CVE-2026-53488)
Yuming Zhang, Song Li, Sangwon Ryu, Henry Beberman, Robert Prast, Kyle Elliott and Zhenchen Wang discovered that containerd incorrectly validated symlinked paths when restoring container checkpoints. An attacker could possibly use this issue to read arbitrary files on the host, resulting in information disclosure. (CVE-2026-53489)
Robert Prast discovered that containerd incorrectly trusted device interface annotations when restoring container checkpoints. An attacker could possibly use this issue to bypass resource allocation restrictions and inject devices or host mounts into a container. (CVE-2026-53492)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-33814",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-47262",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-50195",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-53488",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-53489",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-53492",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2026-33814",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-47262",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-50195",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-53488",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-53489",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-53492",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
}
],
"aliases": [],
"details": "It was discovered that containerd incorrectly handled HTTP/2 SETTINGS\nframes. A remote attacker could possibly use this issue to cause containerd\nto enter an infinite loop, resulting in a denial of service. (CVE-2026-33814)\n\nJakub Ciolek and Kyle Elliott discovered that containerd incorrectly\nhandled group parsing when creating containers from images. An attacker\ncould possibly use this issue to cause containerd to consume excessive\nmemory, resulting in a denial of service. (CVE-2026-47262)\n\nHenry Beberman and Robert Prast discovered that containerd incorrectly\nvalidated image references when importing container checkpoints. An\nattacker could possibly use this issue to poison the local image cache and\nexecute arbitrary code in other pods. (CVE-2026-50195)\n\nRobert Prast discovered that containerd incorrectly propagated labels\nfrom image configurations to containers. An attacker could possibly use\nthis issue to execute arbitrary code on the host. (CVE-2026-53488)\n\nYuming Zhang, Song Li, Sangwon Ryu, Henry Beberman, Robert Prast, Kyle\nElliott and Zhenchen Wang discovered that containerd incorrectly validated\nsymlinked paths when restoring container checkpoints. An attacker could\npossibly use this issue to read arbitrary files on the host, resulting in\ninformation disclosure. (CVE-2026-53489)\n\nRobert Prast discovered that containerd incorrectly trusted device\ninterface annotations when restoring container checkpoints. An attacker\ncould possibly use this issue to bypass resource allocation restrictions\nand inject devices or host mounts into a container. (CVE-2026-53492)",
"id": "USN-8473-1",
"modified": "2026-07-03T19:31:47Z",
"published": "2026-06-25T13:14:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-33814"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-47262"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-50195"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-53488"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-53489"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-53492"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "containerd-stable vulnerabilities",
"upstream": [
"UBUNTU-CVE-2026-33814",
"UBUNTU-CVE-2026-47262",
"UBUNTU-CVE-2026-50195",
"UBUNTU-CVE-2026-53488",
"UBUNTU-CVE-2026-53489",
"UBUNTU-CVE-2026-53492"
]
}
ubuntu-cve-2026-33814
Vulnerability from osv_ubuntu
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0+git20150226.3d87fd6-3",
"0.0+git20151007.b846920+dfsg-1",
"1:0.0+git20150817.66f0418-1",
"1:0.0+git20160110.4fd4a9f-1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1",
"1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "juju",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
},
{
"binary_name": "juju-2.0",
"binary_version": "2.3.7-0ubuntu0.16.04.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "juju-core",
"purl": "pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.24.6-0ubuntu3",
"1.25.0-0ubuntu1",
"1.25.0-0ubuntu2",
"1.25.0-0ubuntu3",
"2.0~beta4-0ubuntu2",
"2.0~beta6-0ubuntu1.16.04.1",
"2.0~beta7-0ubuntu1.16.04.1",
"2.0~beta12-0ubuntu1.16.04.1",
"2.0~beta15-0ubuntu2.16.04.1",
"2.0.0-0ubuntu0.16.04.2",
"2.0.2-0ubuntu0.16.04.1",
"2.0.2-0ubuntu0.16.04.2",
"2.3.1-0ubuntu0.16.04.1",
"2.3.2-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1",
"2.3.7-0ubuntu0.16.04.1+esm1",
"2.3.7-0ubuntu0.16.04.1+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-lxc-lxd-dev",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm3"
},
{
"binary_name": "lxc2",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm3"
},
{
"binary_name": "lxd",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm3"
},
{
"binary_name": "lxd-client",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm3"
},
{
"binary_name": "lxd-tools",
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm3?arch=source\u0026distro=esm-infra-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.20-0ubuntu4",
"0.21-0ubuntu3",
"0.21-0ubuntu5",
"0.22-0ubuntu1",
"0.22-0ubuntu2",
"0.23-0ubuntu1",
"0.23-0ubuntu2",
"0.23-0ubuntu3",
"0.24-0ubuntu2",
"0.24-0ubuntu3",
"0.24-0ubuntu4",
"0.25-0ubuntu1",
"0.26-0ubuntu2",
"0.26-0ubuntu3",
"0.27-0ubuntu1",
"0.27-0ubuntu2",
"2.0.0~beta1-0ubuntu3",
"2.0.0~beta1-0ubuntu4",
"2.0.0~beta2-0ubuntu1",
"2.0.0~beta2-0ubuntu2",
"2.0.0~beta3-0ubuntu1",
"2.0.0~beta3-0ubuntu2",
"2.0.0~beta3-0ubuntu3",
"2.0.0~beta3-0ubuntu4",
"2.0.0~beta4-0ubuntu1",
"2.0.0~beta4-0ubuntu2",
"2.0.0~beta4-0ubuntu3",
"2.0.0~beta4-0ubuntu4",
"2.0.0~beta4-0ubuntu5",
"2.0.0~beta4-0ubuntu6",
"2.0.0~beta4-0ubuntu7",
"2.0.0~rc1-0ubuntu1",
"2.0.0~rc1-0ubuntu2",
"2.0.0~rc1-0ubuntu3",
"2.0.0~rc2-0ubuntu2",
"2.0.0~rc2-0ubuntu3",
"2.0.0~rc3-0ubuntu1",
"2.0.0~rc3-0ubuntu2",
"2.0.0~rc3-0ubuntu3",
"2.0.0~rc3-0ubuntu4",
"2.0.0~rc4-0ubuntu1",
"2.0.0~rc5-0ubuntu1",
"2.0.0~rc6-0ubuntu1",
"2.0.0~rc6-0ubuntu2",
"2.0.0~rc7-0ubuntu1",
"2.0.0~rc7-0ubuntu2",
"2.0.0~rc8-0ubuntu1",
"2.0.0~rc8-0ubuntu2",
"2.0.0~rc8-0ubuntu3",
"2.0.0~rc8-0ubuntu5",
"2.0.0~rc8-0ubuntu6",
"2.0.0~rc8-0ubuntu7",
"2.0.0~rc9-0ubuntu2",
"2.0.0~rc9-0ubuntu3",
"2.0.0~rc9-0ubuntu4",
"2.0.0~rc9-0ubuntu5",
"2.0.0-0ubuntu1",
"2.0.0-0ubuntu2",
"2.0.0-0ubuntu3",
"2.0.0-0ubuntu4",
"2.0.1-0ubuntu1~16.04.1",
"2.0.2-0ubuntu1~16.04.1",
"2.0.3-0ubuntu1~ubuntu16.04.2",
"2.0.4-0ubuntu1~ubuntu16.04.1",
"2.0.5-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.1",
"2.0.8-0ubuntu1~ubuntu16.04.2",
"2.0.9-0ubuntu1~16.04.1",
"2.0.9-0ubuntu1~16.04.2",
"2.0.10-0ubuntu1~16.04.1",
"2.0.10-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.2",
"2.0.11-0ubuntu1~16.04.4",
"2.0.11-0ubuntu1~16.04.4+esm1",
"2.0.11-0ubuntu1~16.04.4+esm2",
"2.0.11-0ubuntu1~16.04.4+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.2.6-0ubuntu1~16.04.6+esm7"
},
{
"binary_name": "golang-github-docker-containerd-dev",
"binary_version": "1.2.6-0ubuntu1~16.04.6+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.2.6-0ubuntu1~16.04.6+esm7?arch=source\u0026distro=esm-apps-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.6-0ubuntu1~16.04.6+esm7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2.1-0ubuntu4~16.04",
"0.2.3-0ubuntu1~16.04",
"0.2.5-0ubuntu1~16.04.1",
"1.2.6-0ubuntu1~16.04.2",
"1.2.6-0ubuntu1~16.04.3",
"1.2.6-0ubuntu1~16.04.4",
"1.2.6-0ubuntu1~16.04.5",
"1.2.6-0ubuntu1~16.04.6",
"1.2.6-0ubuntu1~16.04.6+esm1",
"1.2.6-0ubuntu1~16.04.6+esm2",
"1.2.6-0ubuntu1~16.04.6+esm4",
"1.2.6-0ubuntu1~16.04.6+esm5",
"1.2.6-0ubuntu1~16.04.6+esm6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20240716.00-0ubuntu1~16.04.0+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20240716.00-0ubuntu1~16.04.0+esm3?arch=source\u0026distro=esm-apps-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~16.04.0",
"20230426.00-0ubuntu2~16.04.3",
"20231004.02-0ubuntu1~16.04.1",
"20231004.02-0ubuntu1~16.04.2",
"20240716.00-0ubuntu1~16.04.0",
"20240716.00-0ubuntu1~16.04.0+esm1",
"20240716.00-0ubuntu1~16.04.0+esm2",
"20240716.00-0ubuntu1~16.04.0+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "lxd",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm3"
},
{
"binary_name": "lxd-client",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm3"
},
{
"binary_name": "lxd-tools",
"binary_version": "3.0.3-0ubuntu1~18.04.2+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.18-0ubuntu6",
"2.19-0ubuntu1",
"2.20-0ubuntu3",
"2.20-0ubuntu4",
"2.21-0ubuntu1",
"2.21-0ubuntu2",
"2.21-0ubuntu3",
"2.21-0ubuntu4",
"3.0.0~beta2-0ubuntu3",
"3.0.0~beta3-0ubuntu3",
"3.0.0~beta5-0ubuntu2",
"3.0.0~beta7-0ubuntu1",
"3.0.0-0ubuntu1",
"3.0.0-0ubuntu2",
"3.0.0-0ubuntu3",
"3.0.0-0ubuntu4",
"3.0.1-0ubuntu1~18.04.1",
"3.0.2-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.1",
"3.0.3-0ubuntu1~18.04.2",
"3.0.3-0ubuntu1~18.04.2+esm1",
"3.0.3-0ubuntu1~18.04.2+esm2",
"3.0.3-0ubuntu1~18.04.2+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.6.12-0ubuntu1~18.04.1+esm4"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~18.04.1+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~18.04.1+esm4?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~18.04.1+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2.5-0ubuntu2",
"1.2.6-0ubuntu1~18.04.1",
"1.2.6-0ubuntu1~18.04.2",
"1.3.3-0ubuntu1~18.04.1",
"1.3.3-0ubuntu1~18.04.2",
"1.3.3-0ubuntu1~18.04.3",
"1.3.3-0ubuntu1~18.04.4",
"1.4.4-0ubuntu1~18.04.2",
"1.5.2-0ubuntu1~18.04.1",
"1.5.2-0ubuntu1~18.04.2",
"1.5.2-0ubuntu1~18.04.3",
"1.5.5-0ubuntu3~18.04.1",
"1.5.5-0ubuntu3~18.04.2",
"1.5.9-0ubuntu1~18.04.1",
"1.5.9-0ubuntu1~18.04.2",
"1.6.12-0ubuntu1~18.04.1",
"1.6.12-0ubuntu1~18.04.1+esm1",
"1.6.12-0ubuntu1~18.04.1+esm2",
"1.6.12-0ubuntu1~18.04.1+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1",
"1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2",
"1:0.0+git20170629.c81e7f2+dfsg-2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm2",
"1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20241011.01-0ubuntu1~18.04.0+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20241011.01-0ubuntu1~18.04.0+esm3?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~18.04.0",
"20210414.00-0ubuntu1~18.04.0",
"20210629.00-0ubuntu1~18.04.1",
"20220622.00-0ubuntu2~18.04.0",
"20220622.00-0ubuntu2~18.04.1",
"20230426.00-0ubuntu2~18.04.0",
"20231004.02-0ubuntu1~18.04.2",
"20231004.02-0ubuntu1~18.04.3",
"20240716.00-0ubuntu1~18.04.0",
"20241011.01-0ubuntu1~18.04.0",
"20241011.01-0ubuntu1~18.04.0+esm1",
"20241011.01-0ubuntu1~18.04.0+esm2",
"20241011.01-0ubuntu1~18.04.0+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm2"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.9.2~20.04.2ubuntu0.1+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.9.2~20.04.2ubuntu0.1+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.2~20.04.2ubuntu0.1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.8~22.04",
"0.9.2~20.04",
"0.9.2~20.04.1",
"0.9.2~20.04.2",
"0.9.2~20.04.2ubuntu0.1",
"0.9.2~20.04.2ubuntu0.1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~20.04.8+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~20.04.8+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~20.04.8+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.2.10-0ubuntu1",
"1.3.2-0ubuntu1",
"1.3.3-0ubuntu1",
"1.3.3-0ubuntu2",
"1.3.3-0ubuntu2.1",
"1.3.3-0ubuntu2.2",
"1.3.3-0ubuntu2.3",
"1.4.4-0ubuntu1~20.04.2",
"1.5.2-0ubuntu1~20.04.1",
"1.5.2-0ubuntu1~20.04.2",
"1.5.2-0ubuntu1~20.04.3",
"1.5.5-0ubuntu3~20.04.1",
"1.5.5-0ubuntu3~20.04.2",
"1.5.9-0ubuntu1~20.04.1",
"1.5.9-0ubuntu1~20.04.4",
"1.5.9-0ubuntu1~20.04.5",
"1.5.9-0ubuntu1~20.04.6",
"1.6.12-0ubuntu1~20.04.1",
"1.6.12-0ubuntu1~20.04.3",
"1.6.12-0ubuntu1~20.04.5",
"1.6.12-0ubuntu1~20.04.6",
"1.6.12-0ubuntu1~20.04.7",
"1.6.12-0ubuntu1~20.04.8",
"1.6.12-0ubuntu1~20.04.8+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20250116.00-0ubuntu1~20.04.0+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~20.04.0+esm3?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20201217.02-0ubuntu1~20.04.0",
"20210414.00-0ubuntu1~20.04.0",
"20210629.00-0ubuntu1~20.04.0",
"20220622.00-0ubuntu2~20.04.0",
"20220622.00-0ubuntu2~20.04.2",
"20230426.00-0ubuntu2~20.04.0",
"20231004.02-0ubuntu1~20.04.1",
"20231004.02-0ubuntu1~20.04.2",
"20231004.02-0ubuntu1~20.04.3",
"20231004.02-0ubuntu1~20.04.4",
"20240716.00-0ubuntu1~20.04.0",
"20241011.01-0ubuntu1~20.04.1",
"20250116.00-0ubuntu1~20.04.0",
"20250116.00-0ubuntu1~20.04.0+esm1",
"20250116.00-0ubuntu1~20.04.0+esm2",
"20250116.00-0ubuntu1~20.04.0+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.7.24-0ubuntu1~20.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@1.7.24-0ubuntu1~20.04.2+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.24-0ubuntu1~20.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~20.04.1",
"1.7.12-0ubuntu2~20.04.1",
"1.7.24-0ubuntu1~20.04.1",
"1.7.24-0ubuntu1~20.04.2",
"1.7.24-0ubuntu1~20.04.2+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-go.net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "golang-golang-x-net-dev",
"purl": "pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20190811.74dc4d7+dfsg-1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm2",
"1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "lxd",
"binary_version": "1:0.10"
},
{
"binary_name": "lxd-client",
"binary_version": "1:0.10"
},
{
"binary_name": "lxd-tools",
"binary_version": "1:0.10"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "lxd",
"purl": "pkg:deb/ubuntu/lxd@1:0.10?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.7",
"1:0.8",
"1:0.9",
"1:0.10"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.16.3~22.04.2ubuntu0.22.04.1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.16.3~22.04.2ubuntu0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.16.3~22.04.2ubuntu0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.3~22.04.2ubuntu0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.7.1",
"0.7.1build1",
"0.8",
"0.8ubuntu1",
"0.8.1",
"0.8.2",
"0.8.3",
"0.8.4",
"0.8.5~22.04",
"0.9.2~22.04",
"0.9.2~22.04.1",
"0.9.2~22.04.2",
"0.14.1~22.04",
"0.14.2~22.04",
"0.14.2~22.04ubuntu0.1",
"0.14.3~22.04",
"0.14.3~22.04ubuntu0.1",
"0.16.3~22.04.1",
"0.16.3~22.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~22.04.11"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~22.04.11?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~22.04.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.5-0ubuntu3",
"1.5.9-0ubuntu1",
"1.5.9-0ubuntu2",
"1.5.9-0ubuntu3",
"1.5.9-0ubuntu3.1",
"1.6.12-0ubuntu1~22.04.1",
"1.6.12-0ubuntu1~22.04.3",
"1.6.12-0ubuntu1~22.04.5",
"1.6.12-0ubuntu1~22.04.6",
"1.6.12-0ubuntu1~22.04.7",
"1.6.12-0ubuntu1~22.04.8",
"1.6.12-0ubuntu1~22.04.9",
"1.6.12-0ubuntu1~22.04.10"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~22.04.1",
"1.7.12-0ubuntu2~22.04.1",
"1.7.24-0ubuntu1~22.04.1",
"1.7.24-0ubuntu1~22.04.2",
"1.7.27-0ubuntu1~22.04.1",
"1.7.28-0ubuntu1~22.04.1",
"2.2.1-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20250116.00-0ubuntu1~22.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~22.04.3?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20210629.00-0ubuntu1",
"20210629.00-0ubuntu2",
"20220104.00-0ubuntu1",
"20220104.00-0ubuntu2",
"20220622.00-0ubuntu2~22.04.0",
"20220622.00-0ubuntu2~22.04.1",
"20230426.00-0ubuntu2~22.04.0",
"20231004.02-0ubuntu1~22.04.1",
"20231004.02-0ubuntu1~22.04.2",
"20231004.02-0ubuntu1~22.04.3",
"20231004.02-0ubuntu1~22.04.4",
"20231004.02-0ubuntu1~22.04.5",
"20240716.00-0ubuntu1~22.04.0",
"20241011.01-0ubuntu1~22.04.0",
"20250116.00-0ubuntu1~22.04.0",
"20250116.00-0ubuntu1~22.04.1",
"20250116.00-0ubuntu1~22.04.2",
"20250116.00-0ubuntu1~22.04.3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.0+git20210119.5f4716e+dfsg-4",
"1:0.0+git20210805.aaa1db6+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1",
"1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.16.3~24.04.2ubuntu0.24.04.1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.16.3~24.04.2ubuntu0.24.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.16.3~24.04.2ubuntu0.24.04.1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.3~24.04.2ubuntu0.24.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.13.1",
"0.13.2",
"0.13.3",
"0.14.1",
"0.14.1build1",
"0.14.1ubuntu0.24.04.1",
"0.14.2~24.04",
"0.14.2~24.04ubuntu0.1",
"0.14.3~24.04",
"0.14.3~24.04ubuntu0.1",
"0.16.3~24.04.1",
"0.16.3~24.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~24.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~24.04.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~24.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu2",
"1.7.12-0ubuntu1",
"1.7.12-0ubuntu2",
"1.7.12-0ubuntu3",
"1.7.12-0ubuntu4",
"1.7.12-0ubuntu4.1",
"1.7.19-0ubuntu1~24.04.1",
"1.7.19+really1.7.12-0ubuntu4.2",
"1.7.24-0ubuntu1~24.04.1",
"1.7.24-0ubuntu1~24.04.2",
"1.7.27-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.2",
"2.2.1-0ubuntu1~24.04.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20250116.00-0ubuntu1~24.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20250116.00-0ubuntu1~24.04.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20230426.00-0ubuntu3",
"20231004.02-0ubuntu1",
"20231004.02-0ubuntu3",
"20240213.00-0ubuntu1",
"20240213.00-0ubuntu2",
"20240213.00-0ubuntu3",
"20240213.00-0ubuntu3.1",
"20240213.00-0ubuntu3.2",
"20240716.00-0ubuntu1~24.04.0",
"20240716.00-0ubuntu1~24.04.1",
"20241011.01-0ubuntu1~24.04.0",
"20250116.00-0ubuntu1~24.04.0",
"20250116.00-0ubuntu1~24.04.1",
"20250116.00-0ubuntu1~24.04.2",
"20250116.00-0ubuntu1~24.04.3",
"20250116.00-0ubuntu1~24.04.4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.21.0+dfsg-1ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.10.0-1",
"1:0.17.0+dfsg-1",
"1:0.20.0+dfsg-1",
"1:0.21.0+dfsg-1",
"1:0.21.0+dfsg-1ubuntu0.1~esm1",
"1:0.21.0+dfsg-1ubuntu0.1~esm2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.16.3ubuntu0.25.10.2"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.16.3ubuntu0.25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.16.3ubuntu0.25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.3ubuntu0.25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.16.3",
"0.16.3ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-0ubuntu2",
"2.0.5-0ubuntu1",
"2.1.3-0ubuntu2",
"2.1.3-0ubuntu3",
"2.1.3-0ubuntu3.1",
"2.2.1-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.27.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.27.0-1",
"1:0.27.0-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20250506.01-0ubuntu1.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20250506.01-0ubuntu1.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20250116.00-0ubuntu2",
"20250506.01-0ubuntu1",
"20250506.01-0ubuntu1.1",
"20250506.01-0ubuntu1.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "adsys",
"binary_version": "0.16.4ubuntu1.1"
},
{
"binary_name": "adsys-windows",
"binary_version": "0.16.4ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "adsys",
"purl": "pkg:deb/ubuntu/adsys@0.16.4ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.16.4ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.16.3",
"0.16.3ubuntu1",
"0.16.4",
"0.16.4ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.2-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu3",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-golang-x-net-dev",
"binary_version": "1:0.27.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "golang-golang-x-net",
"purl": "pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:0.27.0-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "google-guest-agent",
"binary_version": "20250506.01-0ubuntu2.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "google-guest-agent",
"purl": "pkg:deb/ubuntu/google-guest-agent@20250506.01-0ubuntu2.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"20250506.01-0ubuntu1",
"20250506.01-0ubuntu2",
"20250506.01-0ubuntu2.1"
]
}
],
"aliases": [],
"details": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"id": "UBUNTU-CVE-2026-33814",
"modified": "2026-06-30T16:20:55Z",
"published": "2026-05-07T20:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-33814"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33814"
},
{
"type": "REPORT",
"url": "https://go-review.googlesource.com/c/go/+/761581"
},
{
"type": "REPORT",
"url": "https://go-review.googlesource.com/c/net/+/761640"
},
{
"type": "REPORT",
"url": "https://github.com/golang/go/issues/78476"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/761581"
},
{
"type": "REPORT",
"url": "https://go.dev/cl/761640"
},
{
"type": "REPORT",
"url": "https://go.dev/issue/78476"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"type": "REPORT",
"url": "https://pkg.go.dev/vuln/GO-2026-4918"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8430-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8471-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8472-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
}
],
"related": [
"USN-8430-1",
"USN-8471-1",
"USN-8472-1",
"USN-8473-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-33814"
]
}
ubuntu-cve-2026-47262
Vulnerability from osv_ubuntu
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.2.6-0ubuntu1~16.04.6+esm7"
},
{
"binary_name": "golang-github-docker-containerd-dev",
"binary_version": "1.2.6-0ubuntu1~16.04.6+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.2.6-0ubuntu1~16.04.6+esm7?arch=source\u0026distro=esm-apps-legacy/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.6-0ubuntu1~16.04.6+esm7"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2.1-0ubuntu4~16.04",
"0.2.3-0ubuntu1~16.04",
"0.2.5-0ubuntu1~16.04.1",
"1.2.6-0ubuntu1~16.04.2",
"1.2.6-0ubuntu1~16.04.3",
"1.2.6-0ubuntu1~16.04.4",
"1.2.6-0ubuntu1~16.04.5",
"1.2.6-0ubuntu1~16.04.6",
"1.2.6-0ubuntu1~16.04.6+esm1",
"1.2.6-0ubuntu1~16.04.6+esm2",
"1.2.6-0ubuntu1~16.04.6+esm4",
"1.2.6-0ubuntu1~16.04.6+esm5",
"1.2.6-0ubuntu1~16.04.6+esm6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.6.12-0ubuntu1~18.04.1+esm4"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~18.04.1+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~18.04.1+esm4?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~18.04.1+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2.5-0ubuntu2",
"1.2.6-0ubuntu1~18.04.1",
"1.2.6-0ubuntu1~18.04.2",
"1.3.3-0ubuntu1~18.04.1",
"1.3.3-0ubuntu1~18.04.2",
"1.3.3-0ubuntu1~18.04.3",
"1.3.3-0ubuntu1~18.04.4",
"1.4.4-0ubuntu1~18.04.2",
"1.5.2-0ubuntu1~18.04.1",
"1.5.2-0ubuntu1~18.04.2",
"1.5.2-0ubuntu1~18.04.3",
"1.5.5-0ubuntu3~18.04.1",
"1.5.5-0ubuntu3~18.04.2",
"1.5.9-0ubuntu1~18.04.1",
"1.5.9-0ubuntu1~18.04.2",
"1.6.12-0ubuntu1~18.04.1",
"1.6.12-0ubuntu1~18.04.1+esm1",
"1.6.12-0ubuntu1~18.04.1+esm2",
"1.6.12-0ubuntu1~18.04.1+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~20.04.8+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~20.04.8+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~20.04.8+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.2.10-0ubuntu1",
"1.3.2-0ubuntu1",
"1.3.3-0ubuntu1",
"1.3.3-0ubuntu2",
"1.3.3-0ubuntu2.1",
"1.3.3-0ubuntu2.2",
"1.3.3-0ubuntu2.3",
"1.4.4-0ubuntu1~20.04.2",
"1.5.2-0ubuntu1~20.04.1",
"1.5.2-0ubuntu1~20.04.2",
"1.5.2-0ubuntu1~20.04.3",
"1.5.5-0ubuntu3~20.04.1",
"1.5.5-0ubuntu3~20.04.2",
"1.5.9-0ubuntu1~20.04.1",
"1.5.9-0ubuntu1~20.04.4",
"1.5.9-0ubuntu1~20.04.5",
"1.5.9-0ubuntu1~20.04.6",
"1.6.12-0ubuntu1~20.04.1",
"1.6.12-0ubuntu1~20.04.3",
"1.6.12-0ubuntu1~20.04.5",
"1.6.12-0ubuntu1~20.04.6",
"1.6.12-0ubuntu1~20.04.7",
"1.6.12-0ubuntu1~20.04.8",
"1.6.12-0ubuntu1~20.04.8+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.7.24-0ubuntu1~20.04.2+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@1.7.24-0ubuntu1~20.04.2+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.24-0ubuntu1~20.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~20.04.1",
"1.7.12-0ubuntu2~20.04.1",
"1.7.24-0ubuntu1~20.04.1",
"1.7.24-0ubuntu1~20.04.2",
"1.7.24-0ubuntu1~20.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~22.04.11"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~22.04.11?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~22.04.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.5-0ubuntu3",
"1.5.9-0ubuntu1",
"1.5.9-0ubuntu2",
"1.5.9-0ubuntu3",
"1.5.9-0ubuntu3.1",
"1.6.12-0ubuntu1~22.04.1",
"1.6.12-0ubuntu1~22.04.3",
"1.6.12-0ubuntu1~22.04.5",
"1.6.12-0ubuntu1~22.04.6",
"1.6.12-0ubuntu1~22.04.7",
"1.6.12-0ubuntu1~22.04.8",
"1.6.12-0ubuntu1~22.04.9",
"1.6.12-0ubuntu1~22.04.10"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~22.04.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~22.04.1",
"1.7.12-0ubuntu2~22.04.1",
"1.7.24-0ubuntu1~22.04.1",
"1.7.24-0ubuntu1~22.04.2",
"1.7.27-0ubuntu1~22.04.1",
"1.7.28-0ubuntu1~22.04.1",
"2.2.1-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~24.04.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~24.04.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~24.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu2",
"1.7.12-0ubuntu1",
"1.7.12-0ubuntu2",
"1.7.12-0ubuntu3",
"1.7.12-0ubuntu4",
"1.7.12-0ubuntu4.1",
"1.7.19-0ubuntu1~24.04.1",
"1.7.19+really1.7.12-0ubuntu4.2",
"1.7.24-0ubuntu1~24.04.1",
"1.7.24-0ubuntu1~24.04.2",
"1.7.27-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.2",
"2.2.1-0ubuntu1~24.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.24~ds1-1ubuntu1.3+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.24~ds1-1ubuntu1.3+esm3?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.24~ds1-1ubuntu1.3+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.20~ds1-1ubuntu2",
"1.6.24~ds1-1ubuntu1",
"1.6.24~ds1-1ubuntu1.1",
"1.6.24~ds1-1ubuntu1.2",
"1.6.24~ds1-1ubuntu1.2+esm1",
"1.6.24~ds1-1ubuntu1.3",
"1.6.24~ds1-1ubuntu1.3+esm1",
"1.6.24~ds1-1ubuntu1.3+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-api-dev",
"binary_version": "1.7.24~ds1-8ubuntu1.1"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.7.24~ds1-8ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.7.24~ds1-8ubuntu1.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.24~ds1-5ubuntu1",
"1.7.24~ds1-6ubuntu1",
"1.7.24~ds1-8ubuntu1",
"1.7.24~ds1-8ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-0ubuntu2",
"2.0.5-0ubuntu1",
"2.1.3-0ubuntu2",
"2.1.3-0ubuntu3",
"2.1.3-0ubuntu3.1",
"2.2.1-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.2-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu3",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-api-dev",
"binary_version": "1.7.24~ds1-10ubuntu1+esm1"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.7.24~ds1-10ubuntu1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.7.24~ds1-10ubuntu1+esm1?arch=source\u0026distro=esm-apps/resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.24~ds1-10ubuntu1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.24~ds1-8ubuntu1",
"1.7.24~ds1-10ubuntu1"
]
}
],
"aliases": [],
"details": "containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.",
"id": "UBUNTU-CVE-2026-47262",
"modified": "2026-07-09T15:20:03Z",
"published": "2026-06-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-47262"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47262"
},
{
"type": "REPORT",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8471-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8472-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
}
],
"related": [
"USN-8471-1",
"USN-8472-1",
"USN-8473-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-47262"
]
}
ubuntu-cve-2026-50195
Vulnerability from osv_ubuntu
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~22.04.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~22.04.1",
"1.7.12-0ubuntu2~22.04.1",
"1.7.24-0ubuntu1~22.04.1",
"1.7.24-0ubuntu1~22.04.2",
"1.7.27-0ubuntu1~22.04.1",
"1.7.28-0ubuntu1~22.04.1",
"2.2.1-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~24.04.3"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~24.04.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~24.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu2",
"1.7.12-0ubuntu1",
"1.7.12-0ubuntu2",
"1.7.12-0ubuntu3",
"1.7.12-0ubuntu4",
"1.7.12-0ubuntu4.1",
"1.7.19-0ubuntu1~24.04.1",
"1.7.19+really1.7.12-0ubuntu4.2",
"1.7.24-0ubuntu1~24.04.1",
"1.7.24-0ubuntu1~24.04.2",
"1.7.27-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.2",
"2.2.1-0ubuntu1~24.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~25.10.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-0ubuntu2",
"2.0.5-0ubuntu1",
"2.1.3-0ubuntu2",
"2.1.3-0ubuntu3",
"2.1.3-0ubuntu3.1",
"2.2.1-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu3",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
}
],
"aliases": [],
"details": "containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image\u0027s configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node\u0027s local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker\u0027s malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod\u0027s identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.",
"id": "UBUNTU-CVE-2026-50195",
"modified": "2026-07-09T15:20:05Z",
"published": "2026-06-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-50195"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50195"
},
{
"type": "REPORT",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8472-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
}
],
"related": [
"USN-8472-1",
"USN-8473-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-50195"
]
}
ubuntu-cve-2026-53488
Vulnerability from osv_ubuntu
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.6.12-0ubuntu1~18.04.1+esm4"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~18.04.1+esm4"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~18.04.1+esm4?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~18.04.1+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.2.5-0ubuntu2",
"1.2.6-0ubuntu1~18.04.1",
"1.2.6-0ubuntu1~18.04.2",
"1.3.3-0ubuntu1~18.04.1",
"1.3.3-0ubuntu1~18.04.2",
"1.3.3-0ubuntu1~18.04.3",
"1.3.3-0ubuntu1~18.04.4",
"1.4.4-0ubuntu1~18.04.2",
"1.5.2-0ubuntu1~18.04.1",
"1.5.2-0ubuntu1~18.04.2",
"1.5.2-0ubuntu1~18.04.3",
"1.5.5-0ubuntu3~18.04.1",
"1.5.5-0ubuntu3~18.04.2",
"1.5.9-0ubuntu1~18.04.1",
"1.5.9-0ubuntu1~18.04.2",
"1.6.12-0ubuntu1~18.04.1",
"1.6.12-0ubuntu1~18.04.1+esm1",
"1.6.12-0ubuntu1~18.04.1+esm2",
"1.6.12-0ubuntu1~18.04.1+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~20.04.8+esm2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~20.04.8+esm2?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~20.04.8+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.2.10-0ubuntu1",
"1.3.2-0ubuntu1",
"1.3.3-0ubuntu1",
"1.3.3-0ubuntu2",
"1.3.3-0ubuntu2.1",
"1.3.3-0ubuntu2.2",
"1.3.3-0ubuntu2.3",
"1.4.4-0ubuntu1~20.04.2",
"1.5.2-0ubuntu1~20.04.1",
"1.5.2-0ubuntu1~20.04.2",
"1.5.2-0ubuntu1~20.04.3",
"1.5.5-0ubuntu3~20.04.1",
"1.5.5-0ubuntu3~20.04.2",
"1.5.9-0ubuntu1~20.04.1",
"1.5.9-0ubuntu1~20.04.4",
"1.5.9-0ubuntu1~20.04.5",
"1.5.9-0ubuntu1~20.04.6",
"1.6.12-0ubuntu1~20.04.1",
"1.6.12-0ubuntu1~20.04.3",
"1.6.12-0ubuntu1~20.04.5",
"1.6.12-0ubuntu1~20.04.6",
"1.6.12-0ubuntu1~20.04.7",
"1.6.12-0ubuntu1~20.04.8",
"1.6.12-0ubuntu1~20.04.8+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "1.7.24-0ubuntu1~20.04.2+esm2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@1.7.24-0ubuntu1~20.04.2+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.24-0ubuntu1~20.04.2+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~20.04.1",
"1.7.12-0ubuntu2~20.04.1",
"1.7.24-0ubuntu1~20.04.1",
"1.7.24-0ubuntu1~20.04.2",
"1.7.24-0ubuntu1~20.04.2+esm1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.12-0ubuntu1~22.04.11"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~22.04.11?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.12-0ubuntu1~22.04.11"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.5-0ubuntu3",
"1.5.9-0ubuntu1",
"1.5.9-0ubuntu2",
"1.5.9-0ubuntu3",
"1.5.9-0ubuntu3.1",
"1.6.12-0ubuntu1~22.04.1",
"1.6.12-0ubuntu1~22.04.3",
"1.6.12-0ubuntu1~22.04.5",
"1.6.12-0ubuntu1~22.04.6",
"1.6.12-0ubuntu1~22.04.7",
"1.6.12-0ubuntu1~22.04.8",
"1.6.12-0ubuntu1~22.04.9",
"1.6.12-0ubuntu1~22.04.10"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~22.04.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~22.04.1",
"1.7.12-0ubuntu2~22.04.1",
"1.7.24-0ubuntu1~22.04.1",
"1.7.24-0ubuntu1~22.04.2",
"1.7.27-0ubuntu1~22.04.1",
"1.7.28-0ubuntu1~22.04.1",
"2.2.1-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~24.04.3"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~24.04.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~24.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu2",
"1.7.12-0ubuntu1",
"1.7.12-0ubuntu2",
"1.7.12-0ubuntu3",
"1.7.12-0ubuntu4",
"1.7.12-0ubuntu4.1",
"1.7.19-0ubuntu1~24.04.1",
"1.7.19+really1.7.12-0ubuntu4.2",
"1.7.24-0ubuntu1~24.04.1",
"1.7.24-0ubuntu1~24.04.2",
"1.7.27-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.2",
"2.2.1-0ubuntu1~24.04.2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.6.24~ds1-1ubuntu1.3+esm3"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:Pro:24.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.6.24~ds1-1ubuntu1.3+esm3?arch=source\u0026distro=esm-apps/noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.24~ds1-1ubuntu1.3+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.6.20~ds1-1ubuntu2",
"1.6.24~ds1-1ubuntu1",
"1.6.24~ds1-1ubuntu1.1",
"1.6.24~ds1-1ubuntu1.2",
"1.6.24~ds1-1ubuntu1.2+esm1",
"1.6.24~ds1-1ubuntu1.3",
"1.6.24~ds1-1ubuntu1.3+esm1",
"1.6.24~ds1-1ubuntu1.3+esm2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-api-dev",
"binary_version": "1.7.24~ds1-8ubuntu1.1"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.7.24~ds1-8ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.7.24~ds1-8ubuntu1.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.24~ds1-5ubuntu1",
"1.7.24~ds1-6ubuntu1",
"1.7.24~ds1-8ubuntu1",
"1.7.24~ds1-8ubuntu1.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~25.10.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-0ubuntu2",
"2.0.5-0ubuntu1",
"2.1.3-0ubuntu2",
"2.1.3-0ubuntu3",
"2.1.3-0ubuntu3.1",
"2.2.1-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu3",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "golang-github-containerd-containerd-api-dev",
"binary_version": "1.7.24~ds1-10ubuntu1+esm1"
},
{
"binary_name": "golang-github-containerd-containerd-dev",
"binary_version": "1.7.24~ds1-10ubuntu1+esm1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"name": "containerd",
"purl": "pkg:deb/ubuntu/containerd@1.7.24~ds1-10ubuntu1+esm1?arch=source\u0026distro=esm-apps/resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.24~ds1-10ubuntu1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.24~ds1-8ubuntu1",
"1.7.24~ds1-10ubuntu1"
]
}
],
"aliases": [],
"details": "containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.",
"id": "UBUNTU-CVE-2026-53488",
"modified": "2026-07-03T20:00:12Z",
"published": "2026-06-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-53488"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
},
{
"type": "REPORT",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8471-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8472-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
}
],
"related": [
"USN-8471-1",
"USN-8472-1",
"USN-8473-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-53488"
]
}
ubuntu-cve-2026-53489
Vulnerability from osv_ubuntu
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~22.04.2"
}
],
"priority_reason": "High severity"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~22.04.1",
"1.7.12-0ubuntu2~22.04.1",
"1.7.24-0ubuntu1~22.04.1",
"1.7.24-0ubuntu1~22.04.2",
"1.7.27-0ubuntu1~22.04.1",
"1.7.28-0ubuntu1~22.04.1",
"2.2.1-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~24.04.3"
}
],
"priority_reason": "High severity"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~24.04.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~24.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu2",
"1.7.12-0ubuntu1",
"1.7.12-0ubuntu2",
"1.7.12-0ubuntu3",
"1.7.12-0ubuntu4",
"1.7.12-0ubuntu4.1",
"1.7.19-0ubuntu1~24.04.1",
"1.7.19+really1.7.12-0ubuntu4.2",
"1.7.24-0ubuntu1~24.04.1",
"1.7.24-0ubuntu1~24.04.2",
"1.7.27-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.2",
"2.2.1-0ubuntu1~24.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~25.10.2"
}
],
"priority_reason": "High severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-0ubuntu2",
"2.0.5-0ubuntu1",
"2.1.3-0ubuntu2",
"2.1.3-0ubuntu3",
"2.1.3-0ubuntu3.1",
"2.2.1-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
],
"priority_reason": "High severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "High severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu3",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "High severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
}
],
"aliases": [],
"details": "containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.",
"id": "UBUNTU-CVE-2026-53489",
"modified": "2026-07-09T15:21:03Z",
"published": "2026-06-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-53489"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53489"
},
{
"type": "REPORT",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8472-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
}
],
"related": [
"USN-8472-1",
"USN-8473-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-53489"
]
}
ubuntu-cve-2026-53492
Vulnerability from osv_ubuntu
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~22.04.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~22.04.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~22.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu1~22.04.1",
"1.7.12-0ubuntu2~22.04.1",
"1.7.24-0ubuntu1~22.04.1",
"1.7.24-0ubuntu1~22.04.2",
"1.7.27-0ubuntu1~22.04.1",
"1.7.28-0ubuntu1~22.04.1",
"2.2.1-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~24.04.3"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~24.04.3?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~24.04.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.2-0ubuntu2",
"1.7.12-0ubuntu1",
"1.7.12-0ubuntu2",
"1.7.12-0ubuntu3",
"1.7.12-0ubuntu4",
"1.7.12-0ubuntu4.1",
"1.7.19-0ubuntu1~24.04.1",
"1.7.19+really1.7.12-0ubuntu4.2",
"1.7.24-0ubuntu1~24.04.1",
"1.7.24-0ubuntu1~24.04.2",
"1.7.27-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.1",
"1.7.28-0ubuntu1~24.04.2",
"2.2.1-0ubuntu1~24.04.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.1-0ubuntu1~25.10.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.1-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.2-0ubuntu2",
"2.0.5-0ubuntu1",
"2.1.3-0ubuntu2",
"2.1.3-0ubuntu3",
"2.1.3-0ubuntu3.1",
"2.2.1-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.1.6-0ubuntu1~25.10.2"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.1.6-0ubuntu1~25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6-0ubuntu1~25.10.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.6-0ubuntu1~25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-app",
"purl": "pkg:deb/ubuntu/containerd-app@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu3",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "containerd-stable",
"binary_version": "2.2.2-0ubuntu1.1"
}
],
"priority_reason": "Critical severity"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "containerd-stable",
"purl": "pkg:deb/ubuntu/containerd-stable@2.2.2-0ubuntu1.1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2-0ubuntu1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.1.3-0ubuntu1",
"2.1.5-0ubuntu1",
"2.2.1-0ubuntu1",
"2.2.2-0ubuntu1"
]
}
],
"aliases": [],
"details": "containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.",
"id": "UBUNTU-CVE-2026-53492",
"modified": "2026-07-09T15:21:03Z",
"published": "2026-06-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-53492"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53492"
},
{
"type": "REPORT",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8472-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8473-1"
}
],
"related": [
"USN-8472-1",
"USN-8473-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-53492"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.