{ "schema_version": "1.4.0", "id": "GHSA-265r-hfxg-fhmg", "modified": "2025-05-05T00:30:19Z", "published": "2025-03-17T21:24:42Z", "aliases": [ "CVE-2024-40635" ], "summary": "containerd has an integer overflow in User ID handling", "details": "### Impact\nA bug was found in containerd where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user.\n\n### Patches\nThis bug has been fixed in the following containerd versions: \n\n* 2.0.4 (Fixed in https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20)\n* 1.7.27 (Fixed in https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da)\n* 1.6.38 (Fixed in https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a)\n\nUsers should update to these versions to resolve the issue.\n\n### Workarounds\nEnsure that only trusted images are used and that only trusted users have permissions to import images.\n\n### Credits\nThe containerd project would like to thank [Benjamin Koltermann](https://github.com/p4ck3t0) and [emxll](https://github.com/emxll) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### References\n* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40635\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" } ], "affected": [ { "package": { "ecosystem": "Go", "name": "github.com/containerd/containerd/v2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.0.4" } ] } ] }, { "package": { "ecosystem": "Go", "name": "github.com/containerd/containerd" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "1.7.0-beta.0" }, { "fixed": "1.7.27" } ] } ] }, { "package": { "ecosystem": "Go", "name": "github.com/containerd/containerd" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.6.38" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40635" }, { "type": "WEB", "url": "https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da" }, { "type": "WEB", "url": "https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20" }, { "type": "WEB", "url": "https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a" }, { "type": "PACKAGE", "url": "https://github.com/containerd/containerd" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html" } ], "database_specific": { "cwe_ids": [ "CWE-190" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-03-17T21:24:42Z", "nvd_published_at": "2025-03-17T22:15:13Z" } }